Posts revealed passports, telephone numbers, emails, and a contact named “Arvind”.
ZachXBT says attackers used social engineering to collect Gokal’s info.
Meta eliminated the posts 90 minutes after the account was compromised.
In a critical cybersecurity breach, Solana co-founder Raj Gokal’s private knowledge has been leaked following the compromise of rapper Migos’ official Instagram account.
The hack, which passed off on Might 25, 2025, included a number of photos of Gokal and his spouse’s identification paperwork, together with passports and driver’s licences.
The attackers reportedly demanded a ransom of 40 Bitcoin and commenced releasing the content material after their calls for have been unmet.
The incident has sparked widespread concern over knowledge safety, social engineering, and the potential scale of private knowledge publicity linked to broader business breaches.
Hackers posted KYC photos and get in touch with data
The compromised Instagram account posted a minimum of seven photographs containing Gokal’s private particulars, together with one wherein he held up a passport. One other included a caption that learn, “It was solely 40 BTC.. ought to’ve paid.”
A number of posts displayed telephone numbers and e-mail addresses, whereas one picture confirmed a person recognized solely as “Arvind,” elevating additional considerations in regards to the extent of the info theft.
The posts remained seen for round 90 minutes earlier than Meta took motion to take away them and regain management of the account.
Throughout that window, a Telegram hyperlink was additionally shared in Migos’ altered bio, selling a meme coin and allegedly unreleased music tracks.
Suspected techniques and former warnings
Blockchain investigator ZachXBT advised that the attackers used social engineering techniques over the previous week to focus on Gokal.
He famous that the hackers tried to extort funds utilizing personally identifiable info (PII) acquired earlier than launching their on-line assault.
“They tried to extort him for funds with the PII obtained,” ZachXBT acknowledged on X, previously Twitter. “Guess he didn’t pay in order that they began trolling and posted it after they compromised Migos Instagram account in the present day.”
Gokal had already alerted his followers days earlier than the incident.
In a submit on X, he warned that unknown attackers had been making an attempt to entry his e-mail, Apple ID, Google account, and different digital belongings.
He cautioned customers to keep away from partaking with suspicious hyperlinks or fund solicitations showing in his title.
Questions raised over Coinbase hyperlink and knowledge origin
The character of the leaked photos has led some analysts to imagine that they might be Know Your Buyer (KYC) verification recordsdata, usually used for identification affirmation by crypto platforms.
This assumption has fuelled hypothesis that Gokal’s knowledge is likely to be linked to the current Coinbase knowledge breach.
Earlier in Might, Coinbase disclosed {that a} safety incident had affected roughly 1% of its month-to-month lively customers. The hackers reportedly demanded a $20 million ransom from the alternate.
Though no cost was made, fears have grown that the attackers might have accessed person KYC paperwork, together with images utilized in self-verification.
“If they’ve the KYC for the founders of Solana, then they’ve the KYC for each single individual that ever used their platform,” one analyst wrote.
That is like 10 occasions worse than a daily KYC leak.
Regardless of the hypothesis, there is no such thing as a verified proof at present linking Gokal’s knowledge leak on to the Coinbase breach.
Each Meta and Gokal have but to launch official statements on the incident, and the precise supply of the compromised info stays unconfirmed.
Meta faces stress amid rising crypto-related account breaches
The incident provides to a rising record of high-profile social media breaches involving crypto scams.
Unhealthy actors have more and more hijacked verified accounts of celebrities and influencers to shill fraudulent tokens, usually leaving victims with unrecoverable losses.
On this case, nonetheless, the attackers seem to have mixed extortion with public humiliation and promotion, underlining the evolving techniques utilized in crypto-targeted cyberattacks.
Using a well-liked public determine’s compromised Instagram account to leak delicate knowledge raises pressing questions for platforms like Meta on how they’re addressing these breaches.
As of now, the complete extent of the knowledge leak, together with whether or not different Solana workforce members have been affected, stays unknown.
Customers throughout the crypto group are being urged to remain alert, monitor their digital accounts intently, and practise enhanced cybersecurity hygiene in mild of those developments.
