co founder of @metamask . Making computers behave for us.

Earlier this morning @danfinlay's account posted a message about a token. This message wasn't posted by Dan and we've been looking into what may have happened. 

We're still investigating and don't have a root cause yet, but believe this issue only affects this particular account. More details in thread.

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

The message about the token was posted at ~ 7:15am PT using Warpcast. 

A little before that, someone logged into Dan's account from a Windows machine. They used the email authentication flow to request a magic link, and appeared to be able to authorize it from Dan's email.

email auth remains a critical attack vector. trustless > trusted systems