The Instagram account of the former rap group Migos was hacked. This hack appeared to be an attempt to blackmail Raj Gokal. Gokal is a co-founder of the Solana blockchain. On May 27, the Migos account posted several images. These images have since been removed from the platform. Some photos showed Gokal holding his identity documents. Captions with these images demanded 40 Bitcoin. Raj Gokal had previously warned about such hacking attempts.
On May 20, he alerted followers to be suspicious.
At least seven images were posted by the hacker. Reporters from Cointelegraph viewed them before they were deleted. Two of the images clearly depicted Gokal holding his passport. Another showed him with his driver’s license identification. The full details on each document were plainly visible. The hacker directly tagged Gokal in one of these images. A caption stated, “you should’ve paid the 40 btc.” This strongly suggests a previous, failed extortion attempt.
Another image allegedly showed Gokal’s wife holding a driver’s license. Further posts dumped private data like phone numbers and emails.
The style of photos is commonly used by crypto exchanges. Individuals hold personal identifying documents with their faces visible. These are standard for Know Your Customer (KYC) verification. However, the origin of these specific photos is currently unknown. It is not clear how the hackers obtained them. How they were used in this blackmail attempt is also a mystery. The Solana Foundation was contacted for an official comment. Raj Gokal was also approached for his statement regarding the incident.
It is uncertain if artificial intelligence generated these images. Deepfakes have been used in crypto extortion attempts previously. For example, scammers created a fake driver’s license for Scott Melker. They successfully stole at least $4 million from one victim. The methods for gathering and storing KYC information are under scrutiny. This is particularly true for crypto exchanges recently. Earlier in May, Coinbase was hit with a lawsuit. Users alleged the exchange breached biometric privacy laws by using third-party vendors.
Reference:
