We all know what happened to WazirX, how their wallet was hacked and funds stored in it were stolen. This makes me worried about funds and stocks we hold with stock brokers. Can something like this happen to stock brokers too? If it does, what next?
@nithin hope you don’t mind answering. Thanks.
Most people who trade crypto use the exchange’s wallet itself. That is, they rely on the exchange to keep the tokens safe. Ideally, they shouldn’t, and they should always keep the assets in a cold wallet away from the exchanges.
The issue with a crypto exchange getting hacked is that the stolen tokens can be moved anywhere. The odds of them being recovered after a hack are slim.
You won’t have an issue like this when trading on Indian stock exchanges. Your securities always reside in your own demat account, which is the equivalent of a crypto cold wallet.
When you buy and sell, stocks are credited or debited to your demat account directly. In the event that NSDL and CDSL, the two depositories, get hacked (a low-probability event), there’s nothing that can be done with the securities transferred.
What will the hackers steal. Folio numbers and ISINs?
In crypto the actual money is digital. You can “steal” the digital money and then sell it for real money like INR/USD.
With CDSL and NSDL (where your shares are stored), it’s all electronic. Nothing to steal other than data. Worst case is CDSL getting hacked and losing backups after something happens. That would be catastrophic.
Another curious case would be someone hacking into CDSL and changing units (increasing theirs and decreasing someone else’s). That is dependent on their security only unfortunately 
One possibility is the share transfer from one demat to another via gifting means. If in such situation, this could make one lose all their stocks via a gift hack with attacker stealing the demat credentials.
With MFs this may not be possible except that it takes days to perform such, yet one needs to compromise many systems to achieve that .
To mitigate this to an extent, recently depositories have added another step in the gifting/off market transfer process, which includes customers having to add beneficiaries to whom they wish to gift/transfer these shares. The beneficiary addition needs to be validated by an OTP sent to the registered user’s email/mobile. This is similar to how things work for online fund transfers in the banking system. But again, clients need to be wary of ensuring that the access to their email/mobile is not compromised.
The additional advantage also is of traceability. The shares cannot just go missing, since they have to get credited to a KYC-ed demat account within the depository system
held with clearing corporations
It will still be inside the CDSL/NSDL environment. you can just report the theft legally and recover it.