The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking contest has come to an end, with participants earning nearly $1 million for exploits targeting smartphones, printers, routers, NAS devices, and smart speakers.
After the first day, when participants earned $400,000, it seemed that well over $1 million would be awarded by the end of the four-day competition. However, due to the unusually high number of entries — 26 contestants signed up for 66 exploits — ZDI decided to award the full cash prize only to the first winner of each target, with subsequent exploits getting 50% of the prize money.
On the second day, participants took home $280,000, and on the third-day they were awarded roughly $250,000. On the last day, there were many failures and exploits using previously known vulnerabilities and the white hat hackers only won $55,000.
The highest rewards were earned in the new SOHO Smashup category, where a small office / home office (SOHO) scenario is simulated. The goal was to hack a router on the WAN interface and then pivot to the LAN, where a second device needed to be hacked, such as a smart speaker, NAS appliance, or printer.
For SOHO Smashup exploits involving various routers and printers, Pwn2Own participants were awarded a total of $300,000.
Sonos One smart speaker exploits earned more than $100,000. The Samsung Galaxy S22 was also hacked, for a total of $125,000. Google and Apple phones have not been hacked at the event.
Significant prizes, of $40,000 each, were also earned for NAS device hacks. Printer and router hacks were rewarded with between $1,250 and $20,000.
The Devcore team won the event, earning $142,500 and other prizes.
The total amount of money paid out at Pwn2Own Toronto 2022 was $989,750, roughly the same as at last year’s event. At Pwn2Own Vancouver 2022, which took place in May, participants took home $1.1 million for hacking Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.
Related: Printers Hacked for First Time at Pwn2Own
Related: ICS Exploits Earn Hackers $400,000 at Pwn2Own Miami 2022

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
