Hackers compromised the Instagram account of the hip-hop group Migos to leak Solana co-founder Raj Gokal’s passport, ID, address, phone number, wife’s details, and family pictures. The material is suspected to be KYC images, which raised questions about whether the source may be linked to a recent Coinbase data breach.
The caption accompanying the doxxed information read, “You should’ve paid the 40 BTC,” suggesting an extortion attempt. The bio was also changed to “CHECK BIO FOR MEMECOIN” after the hack. Gokal’s accounts were reportedly socially engineered, and the attackers posted the materials via the hijacked Migos IG account after he refused to pay.
TLDR
>Raj got social engineered for access to an email account a few days ago
>Attacker attempted to extort him with PII obtained from the account after but he didn’t pay
>Same attacker compromised Migos Instagram account today
>Attacker posted Raj’s PII from the Migos account— ZachXBT (@zachxbt) May 27, 2025
Last week, Solana’s Raj tweeted that attackers tried to gain control of his email and social media accounts. On May 27, hackers hijacked the Migos Instagram account, which has over 13 million followers, and leaked personal information about Solana co-founder and his wife in a blackmail attempt. The attackers demanded a ransom of 40 BTC (~$4.4 million) through posts that remained live for roughly 90 minutes, gaining thousands of interactions before being deleted.
Experts like online sleuth ZachXBT believe phishing and social engineering were used in the breach and highlighted persistent security flaws on Instagram, mainly affecting inactive celebrity accounts. Meta is under fire for its slow response, prompting renewed calls for stronger security measures and quicker user support in hacking incidents. The Roll Up’s co-founders and host, Andy, claimed that the Migos had not posted anything since February 15th, 2024, adding that the incident was very unfortunate for Gokal and made IG policies against doxxing look weak so far.
“Attackers have been trying to take control of my email, social media, Google, Apple, etc. this past week. If you see anything suspect (token launch, soliciting funds, etc) that means they got through. Be careful out there.”
–Raj Gokal, Co-founder of Solana
According to Andy, Instagram deleted the posts to cover up Gokal’s personal information as best as possible. Still, he added that there appeared to be a guy, “Arvind,” who also had their SOL balance leaked through the same Migos IG. Also, a link was posted to a Telegram group that appeared to be selling unreleased music.
Coinbase discloses a months-long breach of data affecting 69.46K customers
Coinbase disclosed last week that a months-long data breach resulted in the theft of personal and financial information from at least 69,461 customers, less than 1% of Coinbase’s monthly transacting users.
The US-based crypto company’s filing said the breach dated back to December 26, 2024, and continued until earlier this month. Coinbase also faces an action lawsuit after its stock prices dipped because of the disclosure of data breaches. Plaintiffs claimed that Coinbase failed to disclose the breach on time, leading to a stock price dip.
The breach occurred when cybercriminals used social engineering to bribe overseas customer support agents into stealing sensitive data from Coinbase systems. The company received an anonymous email from the hackers on May 11, which included a ransom demand for $20 million in exchange for not releasing the stolen information.
Coinbase’s chief legal officer, Paul Grewal, responded to the incident by stating that the company had notified the DOJ and was working with other U.S. and international law enforcement agencies to pursue criminal charges against these bad actors. The U.S. Justice Department has since opened an investigation into the security breach.
Coinbase clarified that some personal information was compromised, including names, contact details, masked Social Security numbers, and bank account information. However, no customer funds, passwords, private keys, or wallet access were affected. Additionally, the attackers did not gain access to hot or cold wallets. Coinbase Prime users were also not compromised.
Your crypto news deserves attention - KEY Difference Wire puts you on 250+ top sites
