ZachXBT: Axiom Employees Spied on Users – What’s Next?

by

On a Thursday that was perhaps slightly more mundane than usual, Onchain investigator ZachXBT unleashed a detailed X thread, suggesting that some employees at Axiom might have been misusing internal tools to peek into user wallet data, possibly leading to insider trading. A scenario that would make even the most seasoned bureaucrat blush.

ZachXBT Investigation Points to Alleged Data Misuse

ZachXBT posted the thread at 8:41 a.m. EST, naming Broox Bauer, a senior business development employee at Axiom based in New York. According to ZachXBT, Bauer and others allegedly exploited the company’s insufficient access controls to snoop on sensitive wallet information since early 2025. One might wonder why Axiom didn’t secure their internal dashboards with the same care as a dragon’s hoard.

Axiom was founded in 2024 by the enigmatic Cal and Mist, and later joined Y Combinator’s Winter 2025 batch. With over $390 million in revenue, it’s now one of the sector’s more profitable firms. One might say they’re doing well, but perhaps not well enough to prevent their employees from indulging in a spot of data snooping.

ZachXBT said he was retained to independently investigate alleged misconduct at Axiom after receiving reports. He cited audio clips from a private group call in which Bauer allegedly stated he could track any Axiom user via referral code, wallet address or UID and claimed he could “find out anything to do with that person.” In the same recording, Bauer allegedly described gradually increasing the number of wallets reviewed, “so it does not look that suspicious.” One might say he’s a master of subtlety, or perhaps just a very bad liar.

The thread also references screenshots Bauer allegedly shared in April and August 2025 from what ZachXBT described as an internal Axiom dashboard. The images purportedly showed wallet information for traders identified as “Jerry” and “Monix,” as well as lookups tied to users who traded the meme coin AURA. One might question why a company would allow such data to be accessed so freely, but perhaps they were just testing the limits of human curiosity.

Source: Google spreadsheet screenshot shared by ZachXBT on Thursday morning.

According to ZachXBT, a Google Sheet compiled by members of the group mapped wallet addresses gathered from internal dashboard data and targeted several key opinion leaders, or KOLs. He wrote that multiple KOLs named in leaked screenshots confirmed the accuracy of wallet data attributed to them. One might think that if you’re going to leak data, you should at least make it look plausible, but apparently, this was deemed sufficient.

One of the traders allegedly targeted was identified as Marcell, described by ZachXBT as having a reputation for promoting meme coins after accumulating supply through private wallets. ZachXBT asserted that traders using private wallets would be especially vulnerable if privileged internal data were misused. One might wonder if Marcell’s private wallets were as secure as he thought, or if he was just being overly confident.

The thread also details blockchain analysis linking a wallet attributed to Bauer to multiple addresses and centralized exchange deposit accounts. ZachXBT wrote that high trading volume made it difficult to determine specific instances of insider trading without access to Axiom’s internal logs. One might say that if you’re going to trade, you should at least make it easy for others to track you, but apparently, that’s not the case here.

In a February 2026 recorded call cited in the thread, Bauer allegedly outlined a plan to help a friend profit $200,000 by leveraging internal access. ZachXBT wrote that private chats included screenshots of exchange balances, suggesting prior gains. One might think that if you’re going to make money, you should at least be subtle about it, but perhaps Bauer was just being overly ambitious.

ZachXBT said he contacted Axiom for comment prior to publication and attached the company’s response. Axiom stated:

“We are surprised and disappointed to hear that someone on our team abused internal customer support tools to look up user wallets. We have removed access to these tools and will continue to investigate and hold the offending parties responsible. This does not represent us as a team, we have always tried to put the user first. We’ll share updates on our Twitter as we learn more.”

ZachXBT added that, regardless of whether Axiom’s co-founders were aware, he believes monitoring and access controls appeared limited and called for further investigation. He also suggested the matter could fall under the jurisdiction of the U.S. Attorney’s Office for the Southern District of New York, though no charges have been announced. One might ask, if they’re so concerned about users, why did they let their tools be misused in the first place?

FAQ 🔎

  • What did ZachXBT allege about Axiom?
    He alleged that certain employees misused internal tools to access private wallet data and potentially trade on that information. A scenario that would make even the most privacy-conscious user question their life choices.
  • Did Axiom respond to the claims?
    Yes, Axiom said it removed access to the tools in question and is investigating the matter. One might wonder if they’re investigating the problem or just the PR fallout.
  • Were criminal charges announced?
    No criminal charges have been announced at this time. Perhaps the legal team is still deciding whether to charge the employees or the company’s security protocols.
  • What evidence did ZachXBT cite?
    He referenced audio recordings, screenshots of internal dashboards and blockchain address analysis. A treasure trove of evidence that would make a detective blush.

Read More

2026-02-26 17:28