Zerodha Founder Nithin Kamath’s X Account Briefly Hacked in AI-Powered Phishing Scam
Zerodha co-founder Nithin Kamath revealed his personal X account was temporarily compromised after he fell victim to a sophisticated AI-automated phishing attack. The breach occurred when Kamath clicked a link in a fake password reset email and accidentally entered his credentials, allowing attackers to post cryptocurrency scam links to his 740,000 followers.
Key Takeaways
- Nithin Kamath’s X account was briefly hacked via AI-powered phishing
- Attackers gained access to one login session; two-factor authentication prevented a full account takeover
- Incident highlights critical need for holistic cybersecurity approaches
The Phishing Attack Details
The security breach occurred early Wednesday when Kamath was browsing on his personal device at home. He experienced a “momentary lapse in attention” and fell for a phishing email disguised as a password change request. The fraudulent email had bypassed all spam and phishing filters.
Kamath shared that the sender’s ID name was oddly formatted, a classic red flag for phishing attempts. After he clicked the “Change Your Password” link and entered his credentials, the attackers gained access to one login session on his X account.
How Two-Factor Authentication Helped
“I had 2FA enabled, so luckily, they couldn’t take over the full account apart from gaining access to the one session from the phishing flow,” Kamath explained. He described the attack as fully AI-automated and not personally targeted against him.
The Zerodha CEO emphasized that while two-factor authentication provided crucial protection, “it is not a technical solution to human psychology.” He stressed the importance of comprehensive cybersecurity frameworks that address human vulnerabilities alongside technical safeguards.
Broader Cybersecurity Implications
Kamath’s experience underscores how even cybersecurity-aware individuals can fall victim to sophisticated attacks. “Goes on to show that no matter how careful we are, all it takes is one slip of the mind,” he wrote.
He urged organizations and users to adopt holistic security approaches, noting: “Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind.” The incident highlights the critical need for cybersecurity frameworks that account for human psychology and worst-case scenarios.



