Zerodha co-founder and CEO Nithin Kamath has disclosed that his personal account on X was hacked after he clicked a link in a phishing email.
Highlighting the incident on the microblogging platform, Kamath shared that it occurred early on Wednesday morning while he was at home browsing on his personal device.
He said the email “got through all spam and phishing filters,” and in a “momentary lapse in attention,” he clicked on the ‘Change Your Password’ link and entered his credentials.
“The attackers gained access to a single login session, using it to tweet a few scammy cryptocurrency links,” Kamath explained. He said that he fortunately had two-factor authentication (2FA) enabled, which prevented the hackers from taking over his entire account. He added that the phishing attack appeared to be fully AI-automated and not personally targeted.
“Goes on to show that no matter how careful we are, all it takes is one slip of the mind,” he wrote.
Reflecting on the incident, Kamath further stressed the importance of holistic cybersecurity practices, saying that while technical safeguards like 2FA are vital, they cannot protect against human error. He also said that despite regular awareness and security conversations at Zerodha, “all it took was one slight slip of the mind.”
“As important as technical cybersecurity, are human processes, policies, procedures that account for worst-case scenarios and the psychology of the weakest link, which is us. 2FA is absolutely essential, but clearly, it is not a technical solution to human psychology. This is why it is so important for cybersecurity frameworks within organisations and governments to be holistic and not fixate on technical solutions,” he noted.