Zerodha co-founder and CEO Nithin Kamath revealed on X, formerly Twitter, that his personal account was hacked on Tuesday due to a phishing email. In a detailed tweet, Kamath explained that a “momentary lapse in attention” while browsing on his personal device allowed attackers to gain access to a single login session.
So, my personal Twitter account was compromised yesterday because I fell for a phishing e-mail early in the morning while at home when browsing on my personal device.
A momentary lapse in attention. The e-mail got through all spam and phishing filters. I clicked on the 'Change… pic.twitter.com/4x4Pg8MtUj
— Nithin Kamath (@Nithin0dha) October 16, 2025
The compromised session was used to post a few scam cryptocurrency links, though Kamath confirmed that his two-factor authentication (2FA) prevented the attackers from taking over the entire account: they held only that one logged-in session, not the credentials needed to change the password or lock him out. He noted that the attack appeared fully AI-automated, with no personal targeting involved.
Kamath’s disclosure underscores the human vulnerability in cybersecurity. “As important as technical cybersecurity are, human processes, policies, and procedures that account for worst-case scenarios are equally critical,” he wrote. He emphasized that even with 2FA, a single lapse in judgment can compromise security, highlighting the limitations of technical solutions in addressing human psychology.
The Zerodha CEO also pointed out that despite regular awareness efforts, policies, and systems at Zerodha designed to mitigate such risks, one small mistake was sufficient to breach his account. Kamath urged organizations and governments to adopt holistic cybersecurity frameworks that combine technical defenses with strategies addressing human behavior.
Kamath concluded that while technical safeguards like 2FA are essential, human factors remain the weakest link, and organizations must continuously adapt policies and procedures to address this reality.