How is it possible that someone can hack a demat account and transfer funds in his account. As far as I know the fund can only be transferred in the demat account holder’s account. Check pic for context.
The news article is not clear on how it happened, as u pointed out, i don’t think bank account details can be changed that easily.
Maybe someone from zerodha can clarify as to how can the bank a/c details and KYC be altered, and if it is really that easy.
This person was able to change mobile number and e-mail id, but is that really enough to make changes to other KYC details including bank account.
What about TPIN, can they get access to that too.
1 Like
Actually I am thinking same. How this scam happened. It is so scary.
Yes it’s so scary to see such type of news.
hacker person is very dapper person, almost 70 Lac is not small amount, if any one looted 70 lac worth share, then whoever can transfer he will caught and arrested within week, ….
yes, but this sort of hacking will leave a trace.
The hacker will be caught.
Apparently he was an employee of the broker…
I was already checking this with the team to share their views on this topic. Rest assured, it won’t go unanswered. 
1 Like
As per the inputs from the team:
A Trading and demat account cannot be compromised unless the One-Time Password (OTP) is shared.
An OTP is sent to both the registered email address and mobile number. If a fraudster gains access to either of these or hacks the client’s email where he gets all the OTPs, they can potentially infiltrate the trading account and execute unauthorized transactions.
This only talks about the OTP related to , to authorise a sell transaction and still doesn’t confirm how someone can access the TPIN which is also required to initiate a sale.
-
Is there a way for anyone to get to know the TPIN ? (i.e., By altering only the mobile number and e-mail id)
-
Even if someone can sell the holdings, the proceeds would eventually be transferred to the Bank account linked to Demat, so how will the hacker benefit from it?
What is the procedure to change the bank account details, maybe this will clarify if changing the bank account too is possible after altering the mobile number and email id.
I assume there are lot of checks and balances and authentication and verification that one has to go through to change such details (other than mobile number and e-mail id)
Please read it again. I said how he is able to transfer the amount to his personal bank account. Because as far as I know the Amount can only be transferred in the demat account holder.