Date: 2025-10-16

Zerodha co-founder and CEO Nithin Kamath revealed that his personal account on X was hacked after he accidentally clicked a link in a phishing email. Sharing details of the incident on the microblogging platform, Kamath said that it occurred early on Wednesday morning, when he was at home browsing on his personal device. He said the email “got through all spam and phishing filters,” and in a “momentary lapse in attention,” he clicked on the ‘Change Your Password’ link and entered his credentials.

“The attackers gained access to a single login session, using it to tweet a few scammy cryptocurrency links,” Kamath explained. Fortunately, he said he had two-factor authentication (2FA) enabled, which prevented the hackers from taking over his entire account. Kamath added that the phishing attack appeared to be fully AI-automated and not personally targeted. “Goes on to show that no matter how careful we are, all it takes is one slip of the mind,” he wrote.

Reflecting on the incident, Kamath further stressed the importance of holistic cybersecurity practices, saying that while technical safeguards like 2FA are vital, they cannot protect against human error. He also said that despite regular awareness and security conversations at Zerodha, “all it took was one slight slip of the mind.”

“As important as technical cybersecurity, are human processes, policies, procedures that account for worst-case scenarios and the psychology of the weakest link, which is us. 2FA is absolutely essential, but clearly, it is not a technical solution to human psychology. This is why it is so important for cybersecurity frameworks within organisations and governments to be holistic and not fixate on technical solutions,” he noted.

“Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind,” Kamath concluded.

How did social media react?

The post struck a chord with internet users, with many echoing his call for stronger cybersecurity measures.

“I get 1–3 of these emails daily. It’s insane. @nikitabier @elonmusk, X needs to fix this. Haven’t fallen for one and hope I never do, but it’s very easy to slip. Oddly, these hit X accounts far more than any other platform,” one user wrote.

“There are many such phishing emails coming in lately for most of our accounts. The biggest question I have is how did they get access to our emails! Cz we didn't publicly share the exact emails!” commented another.

“Even Nithin Kamath proves it: cybersecurity isn’t just about firewalls and 2FA—it’s about the one distracted morning when curiosity beats caution. One slip, and suddenly the entire internet knows your crypto secrets. Humans: the ultimate malware,” wrote a third user.