Personal identification documents belonging to Raj Gokal, co-founder of Solana and President of Solana Labs, were published via a compromised Instagram account on Monday, raising concerns over online security within the crypto industry.
The breach originated from the official Instagram account of the American hip-hop group Migos, which has a following of over 13 million.
The account uploaded multiple posts late Monday, including images of Gokal’s unredacted driver's license, passport, and other personal documents. One image reportedly showed a woman, alleged to be Gokal’s spouse, holding her own driver’s license.
Another post included Gokal’s phone number with a caption inciting followers to harass him. One of the captions referenced a ransom demand: “You should’ve paid the 40 BTC,” suggesting that Gokal may have been targeted in an extortion attempt. All posts were removed just over an hour after they went live.
Security Threats and Online Intrusions
Gokal initially issued a public warning via X on May 21. He confirmed that attempts had been made to breach his email, social media accounts, and personal devices over the past week.
His message cautioned followers against engaging with any suspicious links or communications that could result from such breaches.
The situation has prompted speculation within the crypto community about the origins of the attack. One theory circulating on X suggests the compromise may be connected to an earlier security breach at Coinbase, in which sensitive user data was reportedly exposed.
A user named Bizzy pointed out the broader implications: “Basically everyone has used Coinbase at some point, meaning these hackers have driver’s licenses, balances, addresses and everything for almost anyone in the space.”
However, not everyone agrees on the connection. A pseudonymous on-chain investigator argued that the Instagram leak likely stemmed from access to Gokal’s personal email or cloud storage, where identification documents were backed up.
This would point to a more targeted phishing or social engineering attack rather than a systemic platform-wide breach.
