ZachXBT exposes the Axiom insider scandal, how internal employees abuse their privileges?

Author: Chloe, ChainCatcher

The event that has attracted market attention in recent days, accumulating tens of millions of dollars in bets on Polymarket, "Which Crypto company will ZachXBT expose for insider trading?" has finally come to an end. On February 26, on-chain detective ZachXBT officially released an investigation report, pointing the finger directly at the DeFi trading platform Axiom Exchange.

The report accuses that a senior employee of the platform has allegedly abused internal management privileges to illegally access users' private wallet data for a long time, turning this sensitive information into a tool for insider trading. This article will delve into the evidence chain revealed by ZachXBT, where "on-chain transparency" is hijacked by "off-chain black box management."

ZachXBT Exposes Axiom Exchange Insider Trading Scandal

Axiom Exchange was co-founded by Mist and Cal and was selected for Y Combinator Winter Batch (W25) in early 2025. This platform delivered an astonishing performance with cumulative revenue exceeding $390 million in just one year. However, behind the brilliant financial data, a senior business development employee named Broox Bauer was turning Axiom's backend tools into a private hunting ground.

According to ZachXBT's investigation, Broox Bauer did not act alone; he established an organized "information monetization" process, with the core being Axiom's internal control dashboard, allowing Broox to freely query any user's private information through promotional codes, wallet addresses, or UIDs. Broox stated in a recording that he could "find out anything about that person," and his operations exhibited a strong awareness of counter-surveillance:

1. Initially querying only 10 to 20 wallets to avoid triggering system anomaly alerts.

2. The targets were not randomly selected. For instance, a KOL named Marcell became a key tracking target due to purchasing a large amount of meme coins with his private wallet and promoting liquidity exit to his fans. The private wallets of such traders are rarely public, and the address reuse rate is low, making this information highly valuable for arbitrage.

3. Establishing organization and rules, such as another Axiom employee Ryan (Ryucio) assisting in finding user information, hiring Gowno as a moderator, and compiling these private wallets into Google Sheets for tracking.

These violations lasted for over ten months (starting in April 2025), with the evidence chain including backend management screenshots of victims "Jerry" and "Monix." This information also raised questions: why did a business development employee have cross-functional access? The necessary monitoring alerts and access isolation clearly did not function.

Axiom's Official Response Fails to Conceal Structural Dysfunction

After the release of the ZachXBT report, Axiom's official response followed a standard public relations crisis management approach: issuing a statement expressing "shock and disappointment," revoking access, and initiating an investigation. However, this still cannot conceal the underlying structural dysfunction, as such incidents reveal the platform's failure in access control, rather than merely being the actions of an individual employee.

1. Missing Audit Logs

In traditional finance or mature Web2 tech companies, any operation accessing sensitive user data must leave a log. If a business development employee can cross-functionally query hundreds of wallet addresses unrelated to their business, the system should trigger an alert immediately. Axiom's ten-month regulatory vacuum indicates that its internal system may not even have an "anomaly detection mechanism," and whether "operation records" are retained is also questionable.

2. The Scope of Victims Remains Unclear

Axiom's statement did not mention the scale of affected users. This raises deeper concerns: if Broox Bauer could access this information, what about other employees? The report mentions moderator Gowno and another business development employee Ryan as accomplices, suggesting that such abuse of privileges may be relatively easy. When an organization's governance structure is based on "trust" rather than "institution," the marginal cost of internal corruption is extremely low.

Are Permissions Just a Formality? The Data Governance Black Hole of Web3 Startups

Further examining the core of this scandal. The dimensions of accessible data listed in the ZachXBT report are alarming: complete wallet lists of users, wallets being tracked by users, complete transaction histories, user-defined wallet note names, and associated accounts. This list encompasses not just transaction data but also reconstructs a user's complete on-chain behavior pattern.

In traditional financial institutions, access to such data is strictly constrained by the "minimum necessary information principle." Any employee without a clear business necessity is prohibited from accessing sensitive customer data; all access actions must retain auditable operation logs and be periodically spot-checked by compliance departments. The design logic of this mechanism is simple: it does not rely on the personal moral standards of employees but instead minimizes damage before problems occur through dual constraints of technology and systems.

Axiom's backend clearly did not meet this standard. More thought-provoking is that such issues are not isolated cases in Web3 startups. Rapidly expanding teams often concentrate engineering resources on product iteration, while compliance and data governance frameworks are deprioritized, sometimes even viewed as topics to be addressed "after listing." However, once a platform reaches the scale of Axiom, the sensitivity of the data accessible through backend tools far exceeds that of the early stages, while the construction of protective mechanisms often remains at the startup level.

This case also reveals a unique absurd paradox of Web3: on-chain transparency does not equate to off-chain transparency. Blockchain provides "anonymized transparency" for transactions; everyone can see the flow of addresses but struggles to discern the entities behind them. However, the real risk occurs the moment users complete registration, bind wallets, and set notes: they hand over the most critical correspondence of "this address's owner is me" to the platform's centralized database.

After this, anonymity gradually becomes an illusion. Once this layer of identity is associated with more information, tagged with more labels, or even abused, on-chain transparency no longer protects users but instead becomes the most precise tool in the hands of perpetrators.

Decentralization at the Protocol Level Does Not Equate to Company Decentralization

The Axiom scandal reveals not just the personal misconduct of a few employees. It serves as a mirror reflecting a significant contradiction that the entire Web3 industry has long avoided under the narrative of "decentralization": decentralization at the protocol level does not equate to decentralization at the operational level of companies.

When a platform's core business still relies on centralized backend systems, manual customer service, and employee judgment, the labels "DeFi" or "Web3" resemble mere front-end decorations. Users trust the immutability of smart contracts but forget that at the moment they input personal information and bind wallets, they have already handed over the most critical information to a completely centralized organization.

Trust has never been free; in places where systems are not yet mature, the party bearing the cost of trust is always the one with the most asymmetric information.