Participants earned a total of more than $1.15 million at the Pwn2Own Vancouver 2022 hacking contest last week.
According to Trend Micro’s Zero Day Initiative (ZDI), which organizes the event, rewards were paid out for 25 unique zero-day vulnerabilities that were used to target Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.
A majority of the money was earned on the first day, when researchers demonstrated exploits worth a total of $800,000, including three Microsoft Teams exploit chains that received $150,000 each.
Two teams targeted the Tesla Model 3, but only one of them, representing Synacktiv, was partially successful. The Synacktiv team earned $75,000 for an infotainment system hack, but their exploit leveraged a sandbox escape vulnerability that had already been known.
In the second attempt, a researcher failed to demonstrate their Tesla exploit, but ZDI still decided to acquire the details of the exploit and report them to the carmaker.
Researcher Manfred Paul was the only one to target Mozilla’s Firefox browser and the exploit earned him $100,000. Paul demonstrated his exploit on May 18, and on May 20 Mozilla already announced a Firefox update that should patch the vulnerabilities he disclosed at Pwn2Own. The researcher also earned $50,000 for a Safari hack.
Pwn2Own participants demonstrated six Windows 11 privilege escalation exploits, each worth $40,000. Four Ubuntu exploits and one VirtualBox exploit earned hackers the same amount.
This is the second Pwn2Own taking place this year. In April, at Pwn2Own Miami 2022, which focuses on industrial control systems (ICS), contestants earned a total of $400,000 for their exploits.
Related: Printers Hacked for First Time at Pwn2Own
Related: $1.9 Million Paid Out for Exploits at China’s Tianfu Cup Hacking Contest
Related: Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
