OpenSea’s security policy bypassed by hackers using matchAdvancedOrders function

SNEAK PEEK

  • Hackers exploited OpenSea’s stolen-Ape policy to sell a marked Ape into Franklin’s collection offer.
  • The sale was executed with Seaport’s matchAdvancedOrders function, used to mint and sell.
  • The technique bypasses OpenSea’s security policy, but it still needs a buyer with an open bid on the offer.

Franklin, the 6th largest BAYC holder, revealed via his official Twitter account that someone had exploited OpenSea’s stolen-Ape policy to sell an Ape into his collection offer after it had already been marked as under review for suspicious activity.

As he described it, the hackers used the matchAdvancedOrders function to mint and sell the Ape to him. This followed Franklin’s tweet of January 20 urging OpenSea to fix its stolen-Ape policy, in which he stated that an Ape carrying a yellow caution mark had been sold into his OpenSea WETH offer for 65 WETH.

For this sale, OpenSea collected 1.625 ETH in fees, and Franklin was unable to resell the Ape. He noted that the Ape had been marked even before the sale took place.

Cos, the founder of SlowMist and the creator of DarkHandBook.io and ZoomEye.org, tweeted that attackers can use the matchAdvancedOrders function of the OpenSea Seaport protocol to complete the sale of an NFT that the OpenSea mark has blocked.

This bypasses OpenSea’s security policy because the mark is enforced in OpenSea’s interface, not by the on-chain Seaport contract, which will fill any valid signed order. A buyer is still required, however: the attacker can only sell into an offer that a buyer has already placed.