A major digital security incident has unfolded involving Raj Gokal, co-founder of the Solana blockchain, whose sensitive personal data was leaked online through a hijacked celebrity social media account.
On May 25, the official Instagram page of the hip-hop group Migos was compromised, and hackers used the platform's 13 million-follower reach to share explicit identity documents of Gokal, including passport and driver’s license images, as part of an attempted extortion scheme demanding 40 Bitcoin (approximately $2.7 million).
The attackers uploaded at least seven posts containing private images of Gokal and his wife, displaying Know Your Customer (KYC) verification materials commonly used by cryptocurrency exchanges. The posts were captioned with threatening messages such as “You should’ve paid the 40 BTC” and included what appeared to be personal contact information.
One post exposed Gokal’s mobile phone number, with hackers urging followers to spam him. Another referenced an individual named "Arvind," possibly connected to either Gokal’s blockchain holdings or involved tangentially.
The offensive posts remained live for around 90 minutes before Meta, Instagram’s parent company, removed the content and regained control of the account. During the hack, Migos’ Instagram bio was modified to promote a meme coin, and links were shared to Telegram groups advertising unreleased music, suggesting a mix of financial and promotional motives behind the breach.
Targeted Attack or Wider Data Breach?
Blockchain investigator ZachXBT commented on the incident, stating that the attack was likely the result of a sustained social engineering effort targeting Gokal’s personal accounts over the preceding week. According to ZachXBT, the attackers initially tried to extort Gokal directly and, when unsuccessful, escalated the exposure by hijacking a popular third-party Instagram account to maximize public visibility.
This assessment aligns with a prior warning issued by Gokal himself on social platform X, where he disclosed multiple intrusion attempts on his email, social media, and tech service accounts, urging the public to disregard any suspicious communication that might appear to originate from him.
While the direct source of the leaked KYC materials remains unconfirmed, the nature of the images - high-resolution, government-issued IDs alongside selfies - has prompted speculation that the data may have been compromised from a centralized crypto platform. Observers have floated a potential link to the recent Coinbase data breach, which reportedly affected around 1% of the exchange’s monthly active user base.
Coinbase had previously acknowledged a security incident in which threat actors demanded a $20 million ransom in exchange for stolen customer data. The company did not comply with the demand. However, there is currently no verified evidence connecting the Coinbase breach to Gokal’s data exposure. Neither Coinbase nor Meta has commented on any overlap.
KYC Data
The incident underscores growing concerns about the custodianship and vulnerability of KYC data within the crypto ecosystem. As regulatory requirements force platforms to collect sensitive identification documents for onboarding users, they become attractive targets for sophisticated attackers. The leak of KYC data is often more damaging than password breaches, as the documents involved - passports, driver's licenses, selfies - cannot be easily changed or revoked.
One analyst remarked that this leak represented a more extreme privacy violation than typical KYC incidents. "This isn’t just an address leak," they noted. "It’s biometric proof of identity that can be reused for fraud, deepfakes, or blackmail."
With Web3 ecosystems still relying heavily on centralized exchanges and compliance intermediaries for access and liquidity, users and founders alike face increasing risks tied to KYC data exposure. While decentralized protocols have long touted privacy and self-custody as core principles, their integration with regulated entities reintroduces traditional points of failure.
High-Profile Hacks
The Migos Instagram hack is part of a broader pattern in which high-visibility social media accounts are exploited to distribute malicious content, shill fraudulent coins, or leak sensitive data. In many cases, hackers aim for mass exposure to drive token pumps or scams. This case, however, deviated by serving primarily as a public retaliation tool when an extortion demand reportedly failed.
In recent months, crypto-related social media breaches have included:
- The compromise of the U.S. SEC’s official X account in January, falsely announcing Bitcoin ETF approvals.
- A March breach of MicroStrategy’s X account, used to promote a fake token that netted six figures in minutes.
- Multiple influencer Instagram hacks to launch meme coin pump-and-dumps.
Security researchers have noted that many of these attacks involve a combination of SIM swaps, phishing, and malware. Social engineering remains one of the most effective tools for compromising even tech-savvy individuals, especially when personal assistants, email forwarding services, or corporate accounts are involved.
Legal Gaps
Despite the scale and implications of incidents like this, enforcement and legal remedies remain patchy. The decentralized nature of blockchain makes transaction tracing feasible, but recovering assets is difficult. Meanwhile, platforms like Instagram or X are under limited obligation to notify followers or compensate victims following account compromises, unless additional personal data is leaked under specific jurisdictions’ data protection laws.
The exposure of a blockchain founder’s KYC data may also have implications for governance and network security. While Solana itself is not directly implicated, the incident raises concerns about targeted attacks on public figures and the potential reputational and operational risks they introduce to protocols.
Meta, which owns Instagram, has not issued a public statement on the breach, despite the high-profile nature of the incident and the potential exposure of personally identifiable information (PII) to millions of users. Gokal has also not made any detailed public comments as of publication.
Transparency from centralized platforms remains inconsistent, with most major tech firms disclosing breaches only when legally compelled or when fallout becomes publicly apparent. In the absence of coordinated disclosure, users are left to rely on third-party investigators like ZachXBT and independent journalists for insight.
Final Thoughts
The breach of Raj Gokal’s personal information through an unrelated celebrity Instagram account highlights a broader threat landscape in the crypto space: the convergence of social media vulnerabilities, centralized KYC data storage, and extortion tactics.
While Gokal may not have paid the 40 BTC ransom, the public release of his sensitive identity materials represents a long-term personal and professional liability.
The event adds to an expanding list of data-driven attacks in the blockchain sector and may force project leaders and investors to re-evaluate how they manage both their digital identities and security practices. It also underscores the need for tighter controls around third-party KYC storage, and more robust incident disclosure practices from platforms handling user data.
As the industry matures, the question is not just how to prevent blockchain exploits, but how to mitigate the off-chain risks that increasingly intersect with digital asset ownership.