Crypto Detective Strikes Again: Who Did He Catch This Time?
Renowned on-chain investigator ZachXBT released his latest investigation report on Thursday, officially naming the cryptocurrency exchange Axiom, accusing its employees of abusing internal tools to secretly track user wallets, and even turning these confidential data into trading advantages to profit from buying and selling cryptocurrencies. Earlier, ZachXBT had hinted at exposing an insider trading case, sparking speculation within the crypto community for days, and now the truth has finally come to light.
Axiom was founded in 2024 by pseudonymous founders “Mist” and “Cal,” and successfully joined the Y Combinator top-tier accelerator in Winter 2025. To date, its revenue has exceeded $390 million.
ZachXBT stated that he was commissioned by multiple whistleblowers to investigate whether Axiom’s internal tools were being misused, but he did not disclose the identity of the commissioning parties.
In the report, ZachXBT accused Broox Bauer, a senior business development manager at Axiom based in New York, of using internal customer service system permissions to access private wallet data of Axiom users, including wallet addresses, full transaction records, and other sensitive information. According to audio recordings cited in the investigation, Broox Bauer claimed he could track any Axiom user through referral codes, wallet addresses, or user IDs. He also described how he “gradually” searched these wallets and mentioned he would “slowly check, so it doesn’t look too suspicious.”
Although on-chain transactions are inherently transparent and anyone can verify fund flows, most market participants can only see “wallet addresses” and cannot identify who is behind them. However, once internal information is used to match specific addresses with real user identities and account data, it effectively opens the door to “de-anonymization.”
Tracking well-known traders, crypto KOLs, or whales’ trading activities and leveraging “information asymmetry” for profit or risk mitigation constitutes insider trading, such as:
- Detecting which tokens a KOL has bought before they publicly endorse them, allowing pre-positioning;
- Or exiting early when large holders move funds or prepare to sell off in bulk.
Compiling “Crypto KOL Wallet Lists” and scheming to profit using internal tools
ZachXBT further revealed that Broox Bauer allegedly leaked screenshots of Axiom’s internal dashboard, exposing specific traders’ wallet addresses, and even helped compile a “private wallet list of crypto KOLs.” ZachXBT emphasized that multiple victims whose wallet data was leaked confirmed the accuracy of these leaks.
He also mentioned that Broox Bauer conspired with accomplices on how to use “privileged access” to profit from trading, even planning a scheme to help another Axiom team member make $200,000 by abusing internal tools.
ZachXBT stated he has identified Broox Bauer’s main wallets and related addresses; however, he admitted that to fully confirm the specific insider trading behind these wallets, internal logs from Axiom would need to be reviewed.
Axiom responds: Access to related tools has been revoked
In response, Axiom provided a statement to ZachXBT, acknowledging awareness of the allegations and stating that measures have been taken. The company said:
“We are shocked and disappointed that someone on our team has abused internal customer service tools to spy on user wallets. We have revoked access to these tools and will continue investigating to hold the violator accountable.”
Axiom emphasized, “This does not represent the actions of our entire team. We always prioritize our users. We will update further developments on our official X account.”
ZachXBT pointed out that before the investigation report was published, he had contacted Axiom and described the company’s internal permission controls as “relatively lax,” with employees able to easily view numerous wallets and transaction data in the backend. He also mentioned that since the involved employee is based in the U.S., the case may fall under U.S. jurisdiction.
Side story: Market prediction triggers betting frenzy, mysterious trader profits $39,000 with precise arbitrage
Earlier this week, when ZachXBT announced he would expose an insider trading case, it sparked a speculative frenzy in prediction markets. On Polymarket, a contract titled “Which crypto company will ZachXBT expose for insider trading?” had a total trading volume of $27.6 million, with traders wildly betting on Axiom, Meteora, Pump.fun, and other well-known platforms.
Meanwhile, on-chain analysts detected unusual trading patterns. According to Lookonchain, an anonymous trader placed a bet of over $50,000 on Axiom being named, with relatively low odds, then closed the position within a day, easily earning $39,000 in profit.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Solana non-USD stablecoin user count has grown nearly threefold year over year, with EURC and BRZ leading the way
The number of independent senders of non-USD stablecoins on the Solana chain has grown nearly threefold year over year, driven mainly by the euro stablecoin EURC and the Brazilian real stablecoin BRZ. Solana’s technical advantages have attracted the integration of multiple payment providers, reflecting a rising market demand for cross-border payments on high-throughput blockchains.
GateNews17m ago
Drift Protocol suffers losses of about $280 million from a new type of attack, and management control is taken over
Drift Protocol recently suffered a complex attack. Malicious actors used the durable nonce technology to obtain unauthorized administrative privileges, resulting in approximately $280 million in funds being withdrawn. The investigation found no program vulnerabilities; it may involve social engineering. Drift has frozen protocol functionality and updated the multisig to protect assets.
GateNews1h ago
USD.AI launches a token with a “non-transferable” trap; CHIP claims are open but trading is impossible
USD.AI has opened claims for the token CHIP, but trading is still not possible, which does not match the settlement standard “issue tokens” for prediction markets, resulting in settlement being “No.” The agreement is led by Framework Ventures, and although it has market momentum, there are risks in the lending model and team background that need to be assessed. The official listing date will be key to pricing.
MarketWhisper2h ago
March DEX total trading volume fell to $20.2 billion, and Solana DEX trading volume hit the lowest level since September 2024.
Gate News message, April 2, Defillama data shows that in March 2026, the total DEX trading volume was $202.0 billion, nearly dropping back to the $251.3 billion level from March 2025. During the same period, Solana DEX trading volume was about $57.3 billion, falling to its lowest level since September 2024.
GateNews2h ago
XRP Today News: New OCC regulations take effect, speeding up Ripple’s banking license process
The U.S. Office of the Comptroller of the Currency (OCC) issued Bulletin 2026-4, effective April 1, providing a clear regulatory path for Ripple’s national trust bank and allowing it to operate after meeting the conditions to open for business. This bulletin replaces “fiduciary activities” with “the operations of a trust company,” expanding the organization’s service scope, including digital asset custody services. Ripple’s regulatory status has undergone a significant transformation, and in its application for a licensed institution, it seeks a Federal Reserve master account, focusing on the growth and challenges of the digital asset market.
MarketWhisper3h ago
DeFi platform Drift was hacked on April Fools' Day! The hacker drained $270 million in assets, with the administrator key being the vulnerability.
Drift Protocol suffered a major security incident on April 1, with losses exceeding $270 million, and TVL dropped sharply within 12 minutes. The investigation shows the attackers began deploying three weeks earlier, using forged tokens and an administrator key vulnerability to carry out manipulation, resulting in large-scale withdrawals of funds. The incident dealt a severe blow to market confidence, and Drift is seeking to recover the funds and strengthen its security protections.
CryptoCity3h ago
