27-5-2025 – The personal details of Raj Gokal, co-founder of Solana, were exposed in a brazen attack following the hijacking of rapper Migos’ official Instagram account on 25 May 2025. This breach has ignited alarm across the cryptocurrency sector, raising critical questions about data protection and the audacity of modern cybercriminal tactics.
The attackers, undeterred by their unmet demand for a 40 Bitcoin ransom, unleashed a cascade of sensitive information, including photographs of Gokal and his wife’s identification documents, such as passports and driving licences. At least seven images were posted on the compromised account, some accompanied by taunting captions like, “It was only 40 BTC… should’ve paid.” The hackers also shared phone numbers, email addresses, and a mysterious image featuring an individual named “Arvind,” hinting at the potential breadth of the stolen data. A Telegram link promoting a meme coin and purportedly unreleased music tracks was briefly added to the account’s bio, amplifying the audacious nature of the assault. Meta, Instagram’s parent company, acted swiftly to remove the posts and restore control, but not before the content lingered online for roughly 90 minutes.
Speculation has swirled around the origins of the leaked data, with some experts suggesting the exposed images resemble Know Your Customer (KYC) verification files commonly used by cryptocurrency exchanges. This has led to murmurs of a possible connection to a recent Coinbase security breach, which affected approximately 1% of the platform’s monthly active users. That incident, disclosed earlier in May, saw hackers demand a $20 million ransom, which Coinbase refused to pay. Fears are mounting that the perpetrators may have accessed a trove of user KYC documents, though no concrete evidence ties Gokal’s leak directly to the Coinbase incident. One analyst warned, “If Solana’s founders’ KYC data is compromised, the implications for every user on their platform could be catastrophic—far worse than a typical data breach.”
Blockchain investigator ZachXBT shed light on the attackers’ methods, revealing they likely employed social engineering techniques in the days leading up to the breach. The hackers reportedly attempted to extort Gokal using his personal information before escalating their campaign by commandeering Migos’ Instagram account. Gokal had preemptively warned his followers on X about suspicious attempts to access his email, Apple ID, Google account, and other digital assets, urging caution against engaging with dubious links or requests for funds in his name.
This incident underscores a troubling surge in crypto-related cyberattacks, with hackers increasingly targeting high-profile social media accounts to promote fraudulent schemes or, as in this case, to combine extortion with public shaming. The breach has intensified scrutiny on Meta, as verified accounts of celebrities and influencers become frequent conduits for scams, often leaving victims with irretrievable losses. The audacity of leveraging a rapper’s platform to expose a crypto founder’s private details marks a chilling evolution in cybercriminal strategies.
As the crypto community grapples with this breach, uncertainty persists about its full scope, including whether other Solana team members have been affected. Neither Meta nor Gokal has issued a formal statement, and the precise source of the compromised data remains elusive. In response, users are being urged to bolster their cybersecurity practices, remain vigilant for suspicious activity, and closely monitor their digital accounts. This incident serves as a stark reminder of the vulnerabilities inherent in an increasingly interconnected digital landscape, where personal data remains a prized target for those lurking in the shadows.
