ZachXBT reveals the Axiom insider scandal, how internal employees abuse their privileges?

Author: Chloe, ChainCatcher

The event that has attracted the market's attention in recent days, accumulating tens of millions of dollars in bets on Polymarket, "Which Crypto company will ZachXBT expose for insider trading?" has finally come to an end. On February 26, on-chain detective ZachXBT officially released an investigation report, directly pointing the finger at the DeFi trading platform Axiom Exchange.

The report accuses that a senior employee of the platform is suspected of abusing internal management privileges to illegally access users' private wallet data for a long time, turning this sensitive information into a tool for insider trading. This article will delve into the evidence chain revealed by ZachXBT, when "on-chain transparency" is hijacked by "off-chain black box management."

ZachXBT Exposes Axiom Exchange Insider Trading Scandal

Axiom Exchange was co-founded by Mist and Cal, and was selected for Y Combinator Winter Batch (W25) in early 2025. This platform delivered an astonishing performance with cumulative revenue exceeding $390 million in just one year. However, behind the brilliant financial data, a senior business development employee named Broox Bauer was turning Axiom's backend tools into a private hunting ground.

According to ZachXBT's investigation, Broox Bauer was not acting alone; he established an organized "information monetization" process, with the core being Axiom's internal control dashboard. Broox could freely query any user's private information through promotional codes, wallet addresses, or UIDs. In a recording, Broox stated that he could "find out anything about that person," and his operations showed a strong awareness of counter-surveillance:

1. Initially querying only 10 to 20 wallets to avoid triggering system anomaly alerts.

2. The targets were not randomly selected. For example, a KOL named Marcell, who had purchased a large amount of meme coins with a private wallet, became a key tracking target when promoting liquidity exits to his fans. The private wallets of such traders are rarely public, and the low address reuse rate makes this information highly arbitrageable.

3. Establishing organization and rules, such as another Axiom employee Ryan (Ryucio) assisting in finding user information, hiring Gowno as a moderator, and compiling these private wallets into Google Sheets for tracking.

These violations lasted for more than ten months (starting in April 2025), and the evidence chain includes backend management screenshots from victims like "Jerry" and "Monix." This information also raises questions: why did a business development employee have cross-functional access? The expected monitoring alerts and access isolation clearly did not function.

Axiom's Official Response Cannot Conceal Structural Incompetence

After the release of the ZachXBT report, Axiom's official response followed a standard public relations crisis management approach: issuing a statement expressing "shock and disappointment," revoking access, and initiating an investigation. However, this still cannot conceal the underlying structural incompetence; such incidents reveal the platform's failure in access control, rather than merely being the actions of a single employee.

1. Missing Audit Logs

In traditional finance or mature Web2 tech companies, any operation accessing sensitive user data must leave a log. If a business development employee can query hundreds of wallet addresses unrelated to their business, the system should trigger an alert immediately. Axiom's ten-month regulatory vacuum indicates that its internal system may not even have an "anomaly detection mechanism," and whether "operation records" are retained is also questionable.

2. The Scope of Victims Remains Unclear

Axiom's statement did not mention the scale of affected users. This raises deeper concerns: if Broox Bauer could access this information, what about other employees? The report mentions moderator Gowno and another business development employee Ryan as accomplices, suggesting that such abuse of power may be relatively easy. When an organization's governance structure is based on "trust" rather than "institution," the marginal cost of internal corruption is extremely low.

Is Access Control Meaningless? The Data Governance Black Hole of Web3 Startups

Further examining the core of this scandal. The dimensions of accessible data listed in the ZachXBT report are alarming: complete wallet lists of users, wallets being tracked by users, complete transaction histories, user-defined wallet notes, and associated accounts. This list covers not just transaction data but provides a complete picture of a user's on-chain behavior patterns.

In traditional financial institutions, access to such data is strictly constrained by the "minimum necessary information principle." Any employee without a clear business necessity is prohibited from accessing sensitive customer data; all access actions must retain auditable operation logs and be periodically spot-checked by compliance departments. The design logic of this mechanism is simple: it does not rely on the personal moral standards of employees but instead uses a dual constraint of technology and systems to minimize damage before issues arise.

Axiom's backend clearly did not meet this standard. More thought-provoking is that such problems are not isolated cases in Web3 startups. Rapidly expanding teams often concentrate engineering resources on product iteration, while compliance and data governance frameworks are postponed or even viewed as topics to be addressed "after listing." However, once a platform reaches a scale like Axiom, the sensitivity of the data that backend tools can access far exceeds that of the early stages, while the construction of protective mechanisms often remains at the startup level.

This case also reveals the absurd paradox unique to Web3: on-chain transparency does not equate to off-chain transparency. Blockchain provides "anonymized transparency" for transactions; everyone can see the flow of addresses but cannot discern the entities behind them. However, the real risk occurs at the moment users complete registration, bind wallets, and set notes: they hand over the most critical correspondence of "the owner of this address is me" to the platform's centralized database.

After this, anonymity gradually becomes an illusion. Once this layer of identity is associated with more information, labeled with more tags, or even abused, on-chain transparency no longer protects users but instead becomes the most precise tool in the hands of perpetrators.

Decentralization at the Protocol Level Never Equates to Company Decentralization

The Axiom scandal reveals not just the personal misconduct of a few employees. It is more like a mirror reflecting a significant contradiction that the entire Web3 industry has long avoided under the narrative of "decentralization": decentralization at the protocol level never equates to decentralization at the operational level of the company.

When a platform's core business still relies on centralized backend systems, manual customer service, and employee judgment, the labels "DeFi" or "Web3" become more like front-end decorations. Users trust the immutability of smart contracts but forget that at the moment they input personal information and bind wallets, they have handed over the most critical information to a completely centralized organization.

Trust has never been free; in places where systems are not yet mature, the party bearing the cost of trust is always the one with the most asymmetric information.