On February 26, on-chain investigator ZachXBT released an investigation report accusing multiple employees of the cryptocurrency trading platform Axiom of long-term exploitation of internal backend access vulnerabilities to conduct predatory trading. The investigation focuses on senior business development (BD) employee Broox Bauer at Axiom’s New York office, who assisted co-conspirators in illegally profiting $200,000 in a short period.
Specific Methods of Insider Trading: Backend Dashboard Turned Hunting Tool
(Source: ZachXBT)
According to ZachXBT’s investigation, the root cause of this incident lies in Axiom’s internal backend (Dashboard) lacking effective access control mechanisms. This system not only displays lists of user wallet addresses, referral codes, and user IDs but also tracks addresses users are monitoring, complete transaction histories, and even includes custom nicknames set by users for specific wallets.
ZachXBT obtained recordings and chat screenshots showing Broox Bauer explicitly claiming in a recording that he can track any Axiom user and uncover their full background information. The following are the main steps revealed in the investigation:
Targeting Key Opinion Leaders (KOLs): Starting early 2025, Broox Bauer focused on influential traders on X and Telegram, especially targeting KOLs with “bundling” behaviors—meaning they pre-purchase large amounts of tokens through multiple private wallets before publicly promoting meme coins.
Matching Private Wallets: Using internal Axiom data comparison, they successfully identified private wallet addresses of these KOLs that had not been publicly disclosed, compiling them into a Google spreadsheet.
Joint Ambush with Co-conspirators: Gaining the trust of friend Gowno (Seb, recently hired as Axiom forum moderator) and another BD employee Ryan (Ryucio), they carried out precise follow trades and ambush transactions on tokens like $AURA and other meme coins.
Planning $200,000 in Illegal Profits: In a February 2026 call recording, Broox Bauer detailed how he helped Gowno achieve illegal profits of $200,000 in a short period.
Official Emergency Response, Polymarket’s Early Prediction, and Legal Risks
Axiom Official Statement
Axiom responded swiftly after the report: “We are shocked and disappointed by team members abusing internal customer support tools to search user wallets. We have revoked access to these tools and will continue investigating and holding responsible those involved. This does not reflect our team’s stance; we remain committed to prioritizing our users.”
Polymarket’s Accurate Prediction
Notably, before ZachXBT’s official release of the report, odds on the decentralized prediction platform Polymarket experienced dramatic fluctuations. The initially favored suspects Meteora and Pump.fun quickly lost favor, with all betting funds shifting to Axiom, ultimately leading to an accurate prediction of the target, demonstrating the market’s highly responsive reaction to insider information.
Potential Legal Consequences
Since Broox Bauer resides in New York, ZachXBT emphasized in the report that this case is highly likely to fall under U.S. federal prosecutors’ jurisdiction, potentially leading to criminal charges. This has sparked widespread discussion within the crypto community regarding platform employees’ data access behaviors.
Axiom was founded in 2024 by Henry Zhang (Mist) and Preston Ellis (Cal), both 22-year-old college graduates who rapidly grew the platform’s total revenue to over $390 million. ZachXBT concluded that whether or not the founders were directly aware, the company’s oversight of employee data access has become nearly completely ineffective, posing systemic risks to user asset privacy.
Frequently Asked Questions
Q: What is ZachXBT’s investigation report based on as evidence?
A: According to the public report, the evidence includes recordings of calls, chat screenshots, and Google spreadsheets organized by Broox Bauer. These materials show that the involved parties were aware they were abusing internal systems to access user data and had specific plans for illegal profits. The investigation combines on-chain address analysis with off-chain communication records for dual verification.
Q: Why shouldn’t Axiom’s backend dashboard be accessible to business development personnel?
A: Business development (BD) staff typically focus on client relations and partnership development, and normally do not need access to sensitive data such as user wallet addresses, transaction histories, or tracked addresses. Such data access rights are usually limited to technical support, compliance, or security personnel. The incident exposed a lack of role-based access control based on the principle of least privilege.
Q: What impact does this incident have on the Solana ecosystem?
A: Axiom is a leading trading platform within the Solana ecosystem. This scandal damages the overall decentralization image of Solana and has sparked broad industry discussions on internal governance and compliance of on-chain platforms. Many industry insiders believe that transparency should not be limited to on-chain activities; internal compliance audits and data security frameworks are essential for maintaining long-term user trust.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Pipe Network Launches SolanaCDN: A Free, Open-Source Validator Client With Built-In Acceleration for Solana
San Francisco, CA, February 26th, 2026, Chainwire
SolanaCDN delivers 3.8x faster shred propagation through a global mesh of 35,000+ nodes, provided as a public good for the Solana network
Pipe Network today announced the launch of SolanaCDN, a free, open-source Solana validator client with an
CoinDesk3h ago
SOL dips below 80 USDT, a 24-hour drop of 0.27%
Gate News message, April 5, according to some CEX data, SOL fell below 80 USDT, and is currently trading at 79.96 USDT, down 0.27% over the past 24 hours.
GateNews4h ago
Solana Holds Key Support as Bitcoin Rally Lifts Crypto Market
Solana's price remained above $80 amid rising Bitcoin values, contributing to a broader crypto market recovery with a capitalization of $2.35 trillion. Institutional demand and easing geopolitical tensions supported this growth, while Solana led in decentralized finance activity, recording significant DEX and stablecoin volumes in March.
CryptoNewsLand18h ago
Solana Holds Key Support as Range Tightens Below $90
Key Insights
Solana trades near $80 support as price compresses within a tight range, reflecting reduced volatility and balanced market participation among traders.
Persistent lower highs and price below major moving averages confirm ongoing bearish structure, limiting recovery attempts
CryptoNewsLand19h ago
Solana testnet deploys quantum-safe signatures, with network processing speed dropping by about 90%
Project Eleven and the Solana Foundation deployed quantum-safe signatures on a testnet. Initial results show their size is 20–40 times larger than existing signatures, causing transaction speeds to drop by 90%. Solana’s public-key design exposes it to higher quantum-attack risk, surpassing Bitcoin and Ethereum. Although the latter are looking for secure solutions, Solana is already leading in quantum-safe experiments.
GateNews21h ago
