co founder of @metamask . Making computers behave for us.

Earlier this morning @danfinlay's account posted a message about a token. This message wasn't posted by Dan and we've been looking into what may have happened. 

We're still investigating and don't have a root cause yet, but believe this issue only affects this particular account. More details in thread.

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

The message about the token was posted at ~ 7:15am PT using Warpcast. 

A little before that, someone logged into Dan's account from a Windows machine. They used the email authentication flow to request a magic link, and appeared to be able to authorize it from Dan's email.

It's not clear how they were able to get authorization from Dan's email, and we're investigating this. We will post an update here soon. 

We're also going to add 2FA, so that users are more strongly protected if their emails get compromised.

attacker just sent a cast but could claim an account recovery and take over the fc account?!.. this requires WC approval but.. scared.. 

could a previously verified wallet signature be one way to do 2FA?

danfinlay@gmail password : dantheman69420

super dope opsec. when you get done investigating emails hit up tmobile and ask about their hiring process