- Posts revealed passports, phone numbers, emails, and a contact named “Arvind”.
- Blockchain investigator ZachXBT says attackers used social engineering to gather Gokal’s information.
- Meta removed the posts about 90 minutes after the account was compromised.
In a serious cybersecurity incident, Solana co-founder Raj Gokal’s personal information was exposed after the official Instagram account of the rap group Migos was compromised. The breach occurred on May 25, 2025, and included multiple images showing identification documents belonging to Gokal and his wife, such as passports and driver’s licenses.
According to reports, the attackers demanded a ransom of 40 Bitcoin and began publishing the stolen content when their demands were not met. The episode has raised significant concerns about data security, the effectiveness of social engineering defenses, and the wider risks that personal data exposure poses across the cryptocurrency industry.
Hackers posted KYC images and contact details
The hijacked Instagram account uploaded at least seven images containing Gokal’s personal details. One photo showed him holding a passport, while other posts displayed phone numbers and email addresses. Another image included a man identified only as “Arvind,” prompting additional worries about how extensive the data theft might be. A caption accompanying one of the posts read, “It was only 40 BTC.. should’ve paid.”
The malicious posts remained live for roughly 90 minutes before Meta intervened to remove them and regain control of the account. During that brief window, the attackers also changed the account bio to include a Telegram link that promoted a meme coin and allegedly unreleased music tracks.
Suspected tactics and prior warnings
Blockchain analyst ZachXBT said the perpetrators appear to have used social engineering over the preceding week to gather information on Gokal. He noted the attackers attempted to extort money using personally identifiable information they had collected prior to launching the public attack.
“They tried to extort him for funds with the PII obtained,” ZachXBT posted on X. “Guess he didn’t pay so they started trolling and posted it after they compromised Migos’ Instagram account today.”
Gokal had warned his followers several days before the hack that unknown parties were trying to access his email, Apple ID, Google account, and other digital assets. He advised users to ignore suspicious links or solicitations for funds sent in his name.
Questions about a possible Coinbase connection and the data’s origin
Some analysts pointed out that the leaked documents resembled Know Your Customer (KYC) verification files used by crypto platforms to confirm user identities. That similarity fueled speculation that Gokal’s data might be connected to a recent Coinbase security incident.
Earlier in May, Coinbase disclosed a security event that affected about 1% of its monthly active users; attackers reportedly demanded a $20 million ransom. Although Coinbase said no ransom was paid, concerns have persisted that hackers could have accessed user KYC documents, including verification photos.
“If they have the KYC for the founders of Solana, then they have the KYC for every single person that ever used their platform,” one analyst wrote, calling the situation far worse than a typical KYC leak. However, there is currently no verified evidence directly linking Gokal’s leaked documents to the Coinbase incident.
To date, neither Meta nor Raj Gokal has issued a full public statement clarifying the exact source of the compromised information, and the provenance of the leaked files remains unconfirmed.
Meta under scrutiny as crypto-related account breaches rise
This episode adds to a growing series of high-profile social media compromises tied to cryptocurrency scams. Attackers increasingly hijack verified celebrity and influencer accounts to push fraudulent tokens and other scams, leaving many victims with irrecoverable financial losses.
In this case, the attackers combined extortion with public exposure and promotion, demonstrating how tactics in crypto-targeted cyberattacks continue to evolve. Using a prominent public figure’s compromised Instagram account to publish sensitive personal data has intensified scrutiny on platforms like Meta and how they prevent and respond to such breaches.
At present, it is unclear how many people were affected beyond Gokal and his immediate circle, including whether other members of the Solana team were impacted. The crypto community is being urged to remain vigilant: monitor accounts closely, enable strong authentication, and follow enhanced cybersecurity practices in light of these developments.