After Demat Hacking Zerodha’s Nithin Kamath Says: Temporary One-time Passwords Are Insufficient

In parallel with the rise in retail investors, particularly millennials, betting on the equities markets after the coronavirus epidemic, cyberattacks using phishing or other methods have also surged in recent years in India.

After a local media outlet disclosed how many customers’ demat accounts, including those from the company, were hacked, India’s largest trading business Zerodha acted quickly to protect consumers from hackers. This Monday, Mumbai Police detained five persons on suspicion of hacking into the share broker’s demat accounts and defrauding them of Rs 3.5 crore.

Nithin Kamath, the founder, and CEO of the brokerage company acknowledged that their current way of requesting a temporary one-time password is insufficient and promised that Zerodha will soon include a feature that would prevent orders for options from being made at anomalous pricing.

To shift money, he said that it is impossible to withdraw funds from trading accounts into accounts held by other parties. Instead, fraudsters manufacture fictitious losses by trading illiquid options (buy high, sell low) or purchasing phoney penny stock, and finding funding solutions to stop such shady dealings is their best option.

When OTP/TOTP/Biometric logins become required on September 30, Kamath predicted that incidents will decrease.

According to Kamath, cybercrime has increased across all sectors, from social media to brokerage. However, he warned, safety precautions can only be effective if users are cautious enough to avoid sharing their account credentials by falling for get-rich-quick scams, which is how most frauds take place.

The hackers’ method of operation is delivering phoney websites to random individuals via text messages, emails, and social media. When unwary investors attempt to log in by clicking the phoney website, the hackers steal their username, password, personal identification number, or date of birth. Brokers claim that the hackers can use these credentials to enter into the investor’s trading account and carry out the fraudsters’ planned purchase or sell orders on illiquid penny stocks.

India’s capital markets regulator also ruled last month that stock brokers and depository participants need to notify any cyber assaults, threats, and breaches within six hours of discovering such occurrences. This was done in response to the rising number of cyber frauds. The framework for cyber security and cyber resilience for stock brokers was also established by the Securities and Exchange Board of India.

The pandemic has increased cyber security risks, accelerated the use of existing, new, and emerging technologies, and disrupted some outsourcing agreements, according to a recent report from the International Organization of Securities Commissions, which is regarded as the global standard-setter for the securities industry.


Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of, Inc. or its affiliates Read More

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

function init() { var vidDefer = document.getElementsByTagName('iframe'); for (var i=0; i