Zerodha co-founder Nithin Kamath on Thursday said that his personal X account was briefly compromised after he accidentally fell for a phishing email. In a post on X, Kamath stated that the attackers gained access to one login session and used it to post a few scam cryptocurrency links. Kamath has 7.4 lakh followers on X.
Detailing the incident, Kamath said the phishing attempt occurred early Wednesday while he was at home browsing on his personal device. In a “momentary lapse in attention”, he fell for a phishing email that asked him to change his password. The screenshot that he shared showed the sender’s ID name oddly formatted, a telltale sign of fraud.
What happened with Nithin Kamath?
The Zerodha CEO said the email evaded all spam and phishing filters, and when he clicked on the “Change Your Password” link and entered his credentials, the attackers gained partial access to his X account. “I had 2FA enabled, so luckily, they couldn’t take over the full account apart from gaining access to the one session from the phishing flow,” he explained.
So, my personal Twitter account was compromised yesterday because I fell for a phishing e-mail early in the morning while at home when browsing on my personal device.
A momentary lapse in attention. The e-mail got through all spam and phishing filters. I clicked on the 'Change… pic.twitter.com/4x4Pg8MtUj
— Nithin Kamath (@Nithin0dha) October 16, 2025
Kamath described the attack as fully AI-automated, noting that it did not appear to target him personally. “Goes on to show that no matter how careful we are, all it takes is one slip of the mind. As important as technical cybersecurity, are human processes, policies, procedures that account for worst-case scenarios and the psychology of the weakest link, which is us,” Kamath wrote.
How useful is two-factor authentication?
The CEO went on to say that two-factor authentication was helpful, “but clearly, it is not a technical solution to human psychology”. “This is why it is so important for cybersecurity frameworks within organisations and governments to be holistic and not fixate on technical solutions,” his X post read.
Urging users and organisations to adopt holistic cybersecurity frameworks, Kamath said, “Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind.”