Axiom Insider Trading Scandal 2026: Complete Analysis and Security Lessons
Axiom's 'God mode' let insiders front-run users on-chain. Full breakdown of what happened, who was affected, and why non-custodial trading is the only real protection.
TL;DR
A senior Axiom Exchange employee used an internal 'God mode' dashboard to front-run profitable traders for over ten months, earning $400,000+. The attack required no exploit — only unrestricted access to a database linking user identities to wallet addresses. Non-custodial for funds is not non-custodial for data. Platforms that don't collect identity-wallet mappings and publish every trade on-chain eliminate this attack vector by design.
Florian
Founder & Head of Quant — Stratium
TL;DR: A senior Axiom employee used an internal "God mode" dashboard to front-run profitable traders for 10+ months, earning $400,000+. The attack needed no exploit — only unrestricted access to a database linking user identities to wallet addresses. Non-custodial for funds is not non-custodial for data. Platforms that don't collect identity-wallet mappings and publish every trade on-chain eliminate this attack vector by design.
By Florian · Stratium · March 7, 2026 · 12 min read
Florian is the founder of Stratium and has been trading Solana-based strategies since 2022. Stratium's strategy wallet performance is publicly verifiable in real time on Solscan. This article is not financial advice. Solana memecoin trading involves substantial risk of loss, including total loss of funds.
Transparency note: This analysis includes references to Stratium, which is built by the same team behind this publication. All security recommendations are based on publicly available information about the Axiom incident.
The Axiom insider trading scandal that broke on February 26, 2026 is the most important thing that has happened to Solana copy trading in the past two years — not because of what Axiom did, but because of what it revealed about the entire category.
The short version: a senior business development employee at Axiom Exchange, one of the dominant Solana trading terminals, allegedly used an internal administrative dashboard to access the private wallet data of other users for over ten months. He used that data to front-run profitable traders. He earned over $400,000 doing it. And it worked because Axiom's architecture gave non-technical employees unrestricted access to every user's wallet addresses, transaction histories, watchlists, and linked social accounts — with no audit logs, no anomaly detection, and no access controls.
This was not a hack. This was a feature.
That is the thing worth understanding. The money was not stolen by an external attacker who found a vulnerability. It was taken by an employee who opened an internal dashboard, typed in a wallet address, and watched what that user was accumulating — then positioned ahead of them. No exploit required.
For anyone using Solana copy trading tools, this matters beyond Axiom. It exposes a structural vulnerability that most traders have never thought to ask about.
For context on the broader non-custodial distinction: what non-custodial trading actually means and how on-chain copy trading compares to centralized platforms.
What Actually Happened in the Axiom Insider Trading Scandal?
On February 26, 2026, on-chain investigator ZachXBT published a detailed thread exposing Broox Bauer, a senior business development employee at Axiom Exchange, for allegedly conducting insider trading using internal customer data. ZachXBT noted that the evidence suggested the activity had been ongoing since early 2025.
The investigation centered on a recorded private call between Bauer and a recently-hired Axiom moderator known as "Gowno" (Seb). On that call, Bauer explained that he could track any Axiom user — finding out "anything to do with that person" — via referral code, wallet address, or user ID. He described starting with 10–20 wallet lookups per day and "gradually scaling up so it does not look that suspicious." He outlined a plan to help Gowno earn $200,000 using this access. He referenced another business development employee, Ryan (Ryucio), as having conducted similar lookups for third parties.
This was not a theoretical capability. Bauer had already acted on it. He had compiled a shared Google Sheet mapping wallet addresses to known traders and influencers, including traders referred to in the investigation as "Jerry," "Monix," "Marcell," "Frank," and "GCR." Multiple of these traders, when contacted independently, confirmed that the wallet data attributed to them was accurate.
The financial impact: ZachXBT documented over $400,000 in alleged insider trading profits from front-running. Screenshots suggested approximately $300,000 in exchange balances tied to Bauer's accounts.
What was "God mode" access?
Axiom's internal customer support dashboards allowed business development staff to search any user by wallet address, referral code, or user ID. The dashboards exposed:
- Every wallet address associated with an account
- Wallets users were tracking (their private watchlists)
- Full transaction histories
- User-defined wallet nicknames and labels
- Linked social accounts — Twitter/X, Telegram
- Registration details and linked accounts
ZachXBT's assessment was direct: "Little to no monitoring or access controls in place to mitigate this abuse" and "the extent of data granted to employees in an easily accessible dashboard is unusual for business development roles."
There was no role-based access control. No audit logging. No anomaly detection for unusual query volumes. Business development staff had identical system access to technical security teams.
How Axiom responded
Axiom's official statement: "We are shocked and disappointed to hear that someone on our team abused internal customer support tools to look up user wallets. We have removed access to these tools and will continue to investigate and hold the offending parties responsible."
The statement did not confirm any firings. It did not explain how widespread the access had been or how many users were affected. It did not outline steps to prevent recurrence. Axiom did not respond to CoinDesk's separate request for comment. As of the time of writing, no criminal charges have been filed and no further public updates have been issued.
ZachXBT noted that Bauer is based in New York City and suggested the case "presents itself as a good opportunity for SDNY since it may fall within their jurisdiction."
The Polymarket meta-scandal
The day the scandal broke, separate wallets placed $59,800 in bets on a Polymarket prediction market — "Which crypto company will ZachXBT expose for insider trading?" — approximately three hours before ZachXBT published his thread. Those bets returned an estimated $109,000 in profits at 600%+ returns. Separate wallets placed $65,800 in bets that eventually returned over $411,000. In an almost literary coda to the event, people appeared to have insider-traded on an investigation into insider trading.
Was Axiom Non-Custodial and Why Wasn't That Enough to Stop Insider Trading?
Here is where most coverage of this scandal has stopped short of the more important lesson.
If you search "is Axiom safe" right now, you will find reviews that describe it as non-custodial — meaning users retain control of their own private keys and Axiom never holds your funds directly. That description is accurate. And it is almost entirely beside the point.
The Axiom insider trading scheme did not require access to your private keys. It did not require stealing your SOL. It required something much simpler: knowing which wallets you controlled, what you were accumulating, and when.
This is the distinction that almost no one in the industry talks about: non-custodial for funds is not the same as non-custodial for data.
A platform can be technically non-custodial for your assets while maintaining a comprehensive, centralized database that maps your identity to your wallet addresses, your transaction history, your watchlists, and your linked social accounts. If that database exists and employees can query it, the structural vulnerability that enabled the Axiom insider trading scheme exists — regardless of whether the platform holds your keys.
What does "custodial for data" look like in practice?
When you create an account on most Solana trading terminals, you provide a wallet address and often link a Telegram account or Twitter handle. The platform maps these together in a database. Your wallet's on-chain activity is public on Solana's blockchain — but your identity as the person controlling that wallet was, until this moment, known only to you and the platform.
The Axiom scandal demonstrated that platforms maintaining this identity-wallet mapping in an internally accessible database can expose that data to employees. Employees can then cross-reference your identity with on-chain activity, understand your trading patterns, and position ahead of you.
The information asymmetry this creates is the same whether your platform is "non-custodial" or not. An employee who knows your wallet address, your watchlist, and your trade history has every advantage against you that an insider trader in traditional finance has against retail investors. The blockchain is public — but you had a reasonable expectation that the platform did not know you were behind that wallet.
How KOL targeting made this worse for copy trading specifically
The copy trading use case makes data custody especially important. In ordinary trading, the worst an insider can do is front-run your individual positions. In copy trading, the damage scales with the quality of the trader being targeted.
In the Axiom case, Bauer specifically targeted KOLs — Key Opinion Leaders with large followings. These traders often accumulate positions before publicly announcing plays. Their followers then pile in, pushing prices up. An insider who knows a KOL is accumulating can position ahead of both the KOL and their followers, capturing the price impact of the entire community's subsequent buying.
This is not a niche risk. It is the defining attack vector against the copy trading model when the platform can see private wallet data.
What Structurally Prevents Insider Trading in Solana Copy Trading?
The question worth asking is not "has your platform had a scandal yet" — it is "what would need to be true for this kind of attack to be impossible by design."
There are four components the Axiom insider trading scheme required. A properly architected non-custodial platform removes all four.
Component 1: A centralized identity-wallet mapping database
The attack required a database that connected Axiom usernames, emails, or Telegram accounts to specific wallet addresses. Without this database, there is no "God mode" dashboard to build — because there is no identity-wallet mapping to expose.
Non-custodial architecture that does not require account creation or identity verification cannot maintain this database. No database, no lookup capability.
Component 2: Employee-accessible internal dashboards
Even if user data must exist for operational reasons, the Axiom case demonstrated that broad employee access without access controls is indefensible. Proper role-based access control means business development staff have no access to user identity-wallet data. Technical support staff access only what they need for specific support tickets. Every access is logged and auditable.
Component 3: Platform visibility of trades before they settle on-chain
In a custodial system, the platform routes your orders — meaning it sees your intended trade before the blockchain records it. In a truly non-custodial system where trades execute directly against on-chain liquidity, the platform has no pre-execution visibility. The first record of the trade exists simultaneously for everyone: the user, the platform, and any on-chain observer.
Component 4: Unverifiable performance claims
Insider trading in copy trading is valuable only if the trader being mimicked has real, consistent performance. On platforms where performance is self-reported, without on-chain proof, that performance data is inherently manipulable. When every trade is a verifiable on-chain transaction, the performance claims cannot be falsified — but more relevantly, users can independently verify them without trusting the platform at all.
How to verify whether your platform can front-run you
Before using any Solana copy trading platform, there are four questions worth asking — and one way to get evidence rather than a marketing answer:
Does the platform require you to create an account that links your identity to your wallet address? If yes, that mapping exists in a database somewhere.
Can you find the platform's employee access control documentation? If it doesn't exist publicly, ask. "How many employees can access user wallet data?" is a reasonable question for a platform handling your trading activity.
Do trades execute directly on-chain, or are they routed through the platform's infrastructure first? Routing through platform infrastructure means the platform has pre-execution visibility.
Can you verify every claimed trade on a public block explorer independently? If the platform shows performance data that you cannot independently verify on Solscan or a similar explorer, you are trusting a screenshot.
For a step-by-step guide on verifying a Solana trader's on-chain PnL independently, see: how to verify a Solana trader's PnL.
What Does On-Chain Verification Actually Mean in Practice?
We built Stratium around a single proposition: every trade is verifiable on-chain before we ask you to trust anything we say about performance.
This is not a marketing line — it is a design constraint. When we publish strategy performance, each trade in that record is a Solana blockchain transaction. You can look up any of those transactions on Solscan, verify the timestamp, the token pair, the size, the price at execution, and the wallet address that executed it. You do not have to believe us. You do not have to trust a screenshot. The blockchain is the record.
This architecture has a specific implication for the insider trading question: we cannot front-run our own users because we do not have pre-execution visibility of their copy trades. When a strategy generates a signal, that signal triggers a transaction that executes directly on-chain. There is no internal queue where an employee can see what is about to happen before it happens.
Why Stratium shows losses as well as wins
One pattern that should make any trader uncomfortable — and that the Axiom situation illustrates perfectly — is platforms that present only winning trades or manipulated performance metrics.
On Stratium, you will see losing trades. We show them because removing them would make our on-chain record inaccurate, and an inaccurate on-chain record is both detectable and damaging to everything we are trying to build. You can verify our worst trade the same way you verify our best one. That is the point.
You can review all strategy performance — including losses — on Solscan. Every closed position has a transaction signature you can look up independently: stratiumsol.com/#strategies
Which Solana Copy Trading Platforms Can't Front-Run You?
The Axiom scandal provides a useful lens for evaluating platforms on dimensions beyond speed and fee percentage.
| Stratium | Axiom | Trojan | GMGN | |
|---|---|---|---|---|
| Trade fees | 0.1% | ~0.75–1% | ~0.9% | ~1% |
| Fund custody | Non-custodial | Non-custodial | Non-custodial | Non-custodial |
| Trade verification | On-chain (Solscan) | Self-reported metrics | Self-reported | Self-reported |
| Performance claims independently auditable? | Yes — every trade on Solscan | No | No | No |
| No email/password identity database? | Yes — Telegram-only, no web account | No (email + account-based) | No (account-based) | No (account-based) |
| Copy trading model | Curated, verified strategy wallets | Wallet mirroring (any wallet) | Wallet mirroring | Wallet mirroring |
A note on the identity row: Stratium connects your Telegram identity to your wallet address so copy trades can execute on your behalf. That mapping exists. What doesn't exist is a web-accessible employee dashboard to query it — there is no internal lookup tool, no watchlist data, and no transaction history accessible outside of the executing infrastructure. Trojan and GMGN both require Telegram account registration linked to a wallet address at sign-up, with the same structural exposure as any account-based platform.
On fees: on a $10,000 position, Stratium's 0.1% costs $10 versus $75–100 on competing platforms. On 100 trades per month that is $6,500–$9,000 in fees retained — roughly 10x cheaper than the market standard.
On copy trading model: platforms offering "wallet mirroring" allow users to copy any on-chain wallet. Stratium offers curated strategy wallets where curation means the strategy wallet's historical record is on-chain verifiable. This is a different product — not faster or more feature-rich than wallet mirroring, but more auditable.
Frequently asked questions
Was my data stolen in the Axiom insider trading scandal?
Based on ZachXBT's published investigation, the activity specifically targeted high-value KOL wallets and profitable traders rather than all users indiscriminately. However, because the dashboard gave access to all user data by design, it is not possible for ordinary Axiom users to know whether their wallet information was queried. Axiom's statement did not clarify the scope of affected users.
Is Axiom safe to use after the scandal?
Axiom has stated they have "removed access" to the internal tools implicated in the incident. They have not confirmed personnel terminations, published an independent audit, or disclosed the scope of affected users. Whether that makes the platform safe to use is a judgment each trader must make. The more useful question is whether any platform that maintains a centralized identity-wallet database and gives employees broad access to it can make credible trust claims.
What is non-custodial copy trading on Solana?
Non-custodial copy trading means the platform never holds your funds. Your SOL stays in wallets you control. Copy trade execution happens on-chain through smart contract interactions rather than the platform routing your money on your behalf. The key distinction after the Axiom scandal: non-custodial for funds does not automatically mean the platform has no access to data about which wallets you control.
How does on-chain trade verification work?
Every trade executed through Stratium is a Solana blockchain transaction. Blockchain transactions are publicly recorded, immutable, and independently accessible through explorers like Solscan. You can look up any transaction by its signature hash and verify: the exact timestamp, the token pair, the position size, the execution price, and the wallet that signed the transaction. This means strategy performance cannot be falsified after the fact and does not require you to trust our reporting.
Can Stratium employees see my trades before they execute?
No. Copy trades execute directly on-chain via smart contract interaction. There is no internal queue or routing layer where an employee could observe pending trades before they are recorded on the blockchain. The first record of a trade is the on-chain transaction, which is simultaneously visible to all parties.
Is the Axiom Scandal an Isolated Incident?
The Axiom scandal did not happen in isolation. In the same week, the Meteora team faced class action lawsuits over alleged misconduct. ZachXBT's investigation was itself foreshadowed on Polymarket markets that were apparently bet by insiders. The US Senate introduced the Public Integrity in Financial Prediction Markets Act. OKX launched a product explicitly designed to counter fake PnL screenshots.
The pattern is not that crypto platforms are uniquely corrupt. It is that when platforms combine valuable user data with weak internal controls, misuse is almost inevitable. This is not a new lesson — it is the same lesson every data breach in traditional finance has taught for twenty years.
The architectural response is also not new: minimize the data you collect, minimize who can access it, make the on-chain record the authoritative source of truth, and give users the tools to verify claims without depending on the platform to tell them the truth.
That is what "don't trust, verify" means in practice. Not as a slogan — as a design spec.
The Axiom insider trading scandal is not primarily a story about one bad actor. It is a story about what happens when a platform collects comprehensive user identity data, builds employee-accessible dashboards to query it, and installs no controls to detect abuse.
The good news for Solana traders is that this vulnerability is architectural — which means it has an architectural solution. Platforms that do not collect identity-wallet mappings, do not route trades through internal infrastructure, and publish every trade to the public blockchain by design cannot produce this attack vector.
You do not have to take any platform's word for this, including ours. The verification tool is already built: it is called Solscan, and every trade we claim happened is either there or it isn't.
Start with our strategy wallet: stratiumsol.com/#strategies
If you want to copy trade on Solana with 0.1% fees and full on-chain verification, start trading automatically at stratiumsol.com.
Risk disclaimer: This article is not financial advice. Solana memecoin trading involves substantial risk of loss, including total loss of principal. Past strategy performance, even where on-chain verifiable, does not guarantee future results. Stratium is a non-custodial platform — you retain control of your funds at all times, but this does not eliminate trading risk. Trade only what you can afford to lose.
The allegations described in this article regarding Axiom Exchange employees are drawn from ZachXBT's published investigation and related reporting by CoinDesk, DL News, and CryptoPotato. As of publication, no criminal charges have been filed. Stratium does not assert legal conclusions regarding the conduct described.
Related Reading
- Stratium vs Axiom Trade 2026 — non-custodial vs custodial: what the scandal changed
- What Is Non-Custodial Trading? — why your keys are the only real protection against platform fraud
- How to Copy Trade on Solana — get started with verified, non-custodial copy trading in 30 seconds
- On-Chain Performance Report: 26,704 Verified Trades — every trade publicly checkable on Solscan
Related Articles
Written by
Florian
Founder & Head of Quant — Stratium
Florian is the founder and Head of Quant at Stratium. With 5+ years of experience in quantitative finance and algorithmic trading, he built the copy trading engine from the ground up on Solana — designing the strategy curation framework, FIFO PnL engine, position sizing models, and on-chain execution infrastructure. He writes about quantitative trading, Solana DeFi, and the data behind copy trading performance.