Zerodha co-founder and CEO Nithin Kamath has shared a candid account of how his personal X account was compromised on Wednesday after he fell for a phishing email — despite being a vocal advocate for cybersecurity.
Kamath revealed that the breach occurred early in the morning while he was browsing on his personal device. “A momentary lapse in attention,” he wrote, explaining that the email bypassed spam and phishing filters. Believing it to be legitimate, he clicked on a “Change Your Password” link and entered his credentials.
The attackers obtained a single authenticated session through the phishing flow and used it to post cryptocurrency scam links from his account. Kamath noted that two-factor authentication (2FA) stopped them from going further and taking over the account outright. “Luckily, they couldn’t take over the full account apart from gaining access to the one session from the phishing flow,” he said, adding that the attack appeared “fully AI-automated and not personal.”
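The distinction Kamath draws, between a session stolen through a phishing page and a full account takeover, comes down to which actions a session token alone is allowed to perform. The following Python model is an added illustration and is not code from X, Zerodha or the article: a session created from a password alone can act as the user (post, read), but sensitive actions such as changing the password, changing the e-mail address or disabling 2FA require a recent 2FA proof bound to that specific session, and the owner can revoke every other session from a freshly verified one. The class and function names, the 300-second step-up window and the scenario data are all assumptions chosen for the example.

```python
"""Added illustration (hypothetical model, not X's or Zerodha's code) of why
a phished session is not a full account takeover when sensitive actions
require a fresh 2FA step-up on the session performing them."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
import secrets

STEP_UP_MAX_AGE = 300.0   # assumption: seconds a 2FA proof stays fresh
SENSITIVE_ACTIONS = {
    "change_password", "change_email", "disable_2fa", "revoke_other_sessions",
}


@dataclass
class Session:
    token: str
    user: str
    last_2fa_at: Optional[float] = None   # None: this session never completed 2FA
    revoked: bool = False


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login_with_password(self, user: str) -> str:
        """A correct password (exactly what a phishing page captures) yields a
        session with no 2FA proof attached to it."""
        token = secrets.token_hex(16)
        self._sessions[token] = Session(token, user)
        return token

    def complete_2fa(self, token: str, now: float) -> None:
        """Bind a successful second-factor check to this session, timestamped
        so the proof ages out and must be repeated later."""
        self._sessions[token].last_2fa_at = now

    def authorize(self, token: str, action: str, now: float) -> Tuple[bool, str]:
        """Decide whether the session behind `token` may perform `action`."""
        session = self._sessions.get(token)
        if session is None or session.revoked:
            return False, "no valid session"
        if action not in SENSITIVE_ACTIONS:
            return True, "ok"                       # ordinary actions, e.g. posting
        if session.last_2fa_at is None:
            return False, "2FA step-up required"
        if now - session.last_2fa_at > STEP_UP_MAX_AGE:
            return False, "2FA proof is stale; re-verify"
        return True, "ok"

    def revoke_other_sessions(self, token: str, now: float) -> int:
        """Owner's recovery step: revoke every other session of the same user.
        Itself sensitive, so it needs a fresh 2FA proof on the calling session."""
        ok, _ = self.authorize(token, "revoke_other_sessions", now)
        if not ok:
            return 0
        user = self._sessions[token].user
        revoked = 0
        for s in self._sessions.values():
            if s.user == user and s.token != token and not s.revoked:
                s.revoked = True
                revoked += 1
        return revoked


def simulate_incident() -> Dict[str, object]:
    """Constructed scenario mirroring the article: the attacker holds a
    phished session, can post but cannot take over; the owner revokes it."""
    store = SessionStore()
    t0 = 1_000_000.0                                     # constructed clock value

    attacker = store.login_with_password("victim")       # password phished, no 2FA
    post_ok, _ = store.authorize(attacker, "post", t0)
    takeover_ok, reason = store.authorize(attacker, "change_password", t0)

    owner = store.login_with_password("victim")          # owner on their own device
    store.complete_2fa(owner, t0 + 60)                   # owner's authenticator
    revoked = store.revoke_other_sessions(owner, t0 + 70)
    post_after_ok, _ = store.authorize(attacker, "post", t0 + 80)

    return {
        "attacker_can_post": post_ok,
        "attacker_can_change_password": takeover_ok,
        "takeover_reason": reason,
        "sessions_revoked": revoked,
        "attacker_can_post_after_revoke": post_after_ok,
    }


if __name__ == "__main__":
    for key, value in simulate_incident().items():
        print(f"{key}: {value}")
```

The point of binding the 2FA proof to the session rather than to the account is that a phishing page which captures a password (or even relays one 2FA code at login time) gets a session whose proof is absent or soon stale, so the first attempt to change credentials or disable 2FA is refused, and the owner's fresh session is what ends the incident.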
Reflecting on the incident, Kamath stressed that technical safeguards alone cannot eliminate risk. “No matter how careful we are, all it takes is one slip of the mind,” he wrote. “As important as technical cybersecurity are human processes, policies, and procedures that account for worst-case scenarios and the psychology of the weakest link — which is us.”
He underscored that while 2FA is essential, it is “not a technical solution to human psychology,” urging organisations and governments to adopt holistic frameworks that go beyond technology. “Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind,” Kamath admitted.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!