Migos Instagram Hacked After Solana Co-Founder Refuses 40 BTC Ransom

Generated by AI AgentCoin World
Tuesday, May 27, 2025 2:34 pm ET1min read
BTC
--
SOL
--

Hackers took over the Instagram account of the rap group Migos to post personal information of Solana co-founder Raj Gokal, including his passport and phone number, on May 27. This incident occurred after Gokal refused to pay a 40 Bitcoin (BTC) ransom demanded by the attackers.

Blockchain analyst ZachXBT explained on social media that the attackers had gained access to one of Gokal’s email accounts days before the Instagram incident. The compromised account contained know-your-customer (KYC) photos of Gokal and his wife, which had been synced to a cloud backup. These images are typically supplied to crypto exchanges or other financial services for identity verification purposes.

Gokal had alerted his followers on May 20 that unknown parties had been attempting to take control of his email, social media,

Google
, Apple, and other accounts. He advised his followers to treat any unexpected token launches or fundraising requests as signs that the attackers had succeeded in compromising his accounts.

After obtaining the documents, the attackers sought 40 BTC in exchange for keeping the material private, as revealed in the caption of one of the photos posted. Gokal did not pay the ransom. When the extortion attempt failed, the same actor compromised Migos’ Instagram profile, which has 13 million followers, and uploaded images showing Gokal and his wife holding their passports.

Gokal addressed the episode with a comment on X: “Always remember to dress up smart for your KYC photos. You never know what kind of reach they might get on social media.”

ZachXBT clarified that the breach relied on social-engineering tactics against Gokal’s email provider rather than on leaked data from the recent Coinbase data breach incident. This refuted speculation that the doxxing was linked to that breach.

Coinbase revealed on May 15 that it suffered a data breach after threat actors bribed support agents with access to its internal systems. As a result, the group targeted the exchange customers in social engineering attacks. According to a May 15 filing with the US Securities and Exchange Commission, Coinbase estimated remediation costs and voluntary customer reimbursements to be between $180 million and $400 million.

This incident highlights the growing threat of social engineering attacks in the cryptocurrency space, where personal information can be used for extortion or other malicious purposes. It also underscores the importance of robust security measures and vigilance in protecting sensitive data.