I’m sure you must be aware of the recent Demat/Trading Account Hacking Incidents that took place in the industry, including Zerodha.

If you’re not aware of the incident, please go through the video below to understand the severity of the matter. In some incidents, the client had not even shared the TOTP with the hacker.

Operation Demat Daka : Zee Business Special Investigation to protect your Demat Account From Fraud - YouTube

Can you please educate us on how safe our portfolios are at Dhan with respect to cyber attacks and the safety measures explained in the video?


Just went through this. We do take care of safety and security as a priority in everything we do, but as even the video says - when the end users share details knowingly or unknowingly with strangers, platforms or anyone - there is little platforms can do. Same for broking platforms, banks or any apps or platforms that deal with financial information.

Having said that, will post a detailed note on this at some time.

Are you 100% sure Dhan applications don’t have any security lapses? It would be great to see the latest security audit report if there is any.

As revealed in the video, two victims ended up wasting 30-45 mins of time with customer care explaining the fraud but customer care failed to understand the urgency of the matter. At least this could have been avoided, right?

Banks do have specific teams to handle such situations along with well defined policy and procedures in case of a fraud, which doesn’t seem to be the case with Online Brokers. And hence this should be a wake-up call!


A very critical question from Amit.
Dhan! You must clarify. Two days and no reply makes us uneasy.

We have already mentioned that we do take care of all safety and security procedures that are required to keep Dhan accounts safe. From our side, we are 100% focussed on that.

We simply can’t explain why customer care of other stock broking platform wasted 45 mins of time, or why they have been silent about the matter. It’s not our process, we can’t comment on that.

Has any stock broker, or any tech company ever given assurance that their systems are 100% secure - No, because that statement will never be true. Safety and security are ongoing processes, always, even for the largest of technology companies including the likes of Google or Facebook. As a regulated entity we are subject to security related audits and processes with which we comply at all times.

We have shared a guidance note on keeping your trading & demat accounts safe: Keeping your Stock Trading & Demat Account safe and secure

Updating the post with Episode-2 on the same subject.

Demat Daka Episode 2 : Zee Biz Special Investigation to protect your Demat Account From Fraud - YouTube


As far as I know, TOTP is time based as well as click based, but TOTP has a long string of characters, generally a computer algorithm code, that can be run on multiple apps at the same time as long as the time is synchronized. The characters used for this are sometimes copied by the client into third-party software to use as a backup, but sometimes in the world these characters get used by a third person, who is then able to get access to the account of the user with TOTP enabled after logging in with the user's password. Most people would say it's hacking, but this is completely a misconception, and hackers are ashamed of people of this mind; generally a hacker would say to these people: mindless people.

So make sure to completely secure these characters as a backup also.

To enhance the security, I would suggest login to be allowed only from specific machines (IPs).
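
The point in the TOTP post above, that the setup-key characters alone are enough to produce valid codes on any device with a synchronized clock, can be seen in a short RFC 6238 sketch. This is an added example, not Dhan's or any broker's code; `SETUP_KEY`, `Verifier` and the drift window are assumptions, and the key is the public RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key, base32-encoded the way setup keys are shown.
SETUP_KEY = base64.b32encode(b"12345678901234567890").decode()

def totp(setup_key: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of the setup key and the clock."""
    key = base64.b32decode(setup_key.upper())
    counter = struct.pack(">Q", unix_time // step)        # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server-side check: tolerates one step of clock drift, accepts each step once."""

    def __init__(self, setup_key: str):
        self.setup_key = setup_key
        self.last_step = -1                               # highest time step already used

    def check(self, code: str, unix_time: int, step: int = 30) -> bool:
        now = unix_time // step
        for s in (now - 1, now, now + 1):
            if s > self.last_step and hmac.compare_digest(
                totp(self.setup_key, s * step, step), code
            ):
                self.last_step = s                        # a code cannot be replayed
                return True
        return False

def same_code_everywhere(unix_time: int) -> bool:
    """The authenticator app and a backup copy of the key give the same code."""
    phone_app = totp(SETUP_KEY, unix_time)
    backup_copy = totp(str(SETUP_KEY), unix_time)         # the key pasted somewhere else
    return phone_app == backup_copy

if __name__ == "__main__":
    print("code at t=59:", totp(SETUP_KEY, 59))
    print("backup copy matches:", same_code_everywhere(59))
```

Single-use checking stops a captured code from being replayed, but it cannot tell the account owner from anyone else holding a copy of the setup key, which is why the backup needs the same protection as the password.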

