Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool

The Pwn2Own 2021 hacking competition was concluded, participants earned more than $1.2 million, the greatest total payout ever.

The Pwn2Own 2021 hacking competition reached the end, participants earned more than $1.2 million which is more than ever paid out at this contest.

White hat hackers demonstrated exploits for Safari, Chrome, Edge, Windows 10, Ubuntu, Microsoft Teams, Zoom, Parallels, Oracle VirtualBox, and Microsoft Exchange, for a total of 23 attempts.

Only Oracle VirtualBox was not hacked, experts demonstrated working exploits for all the other products.

The participants already shared their exploits with the vendors which have 90 days to address all vulnerabilities reported.

In Day 3, four attempts achieved partial successes and other four were successful. Hackers demonstrated working exploits against Parallels Desktop, Ubuntu Desktop, and Windows 10.

None of the above successes received a payout of more than $40,000.

The highest reward for this edition was $200,000 that was paid out to team Devcore for an exploit for Exchange server obtained by chaining authentication bypass and local privilege escalation flaws, Daan Keuper and Thijs Alkemade from Computest for a zero-click Zoom exploit, and the researcher OV for a Microsoft Teams exploit.

Trend Micro’s Zero Day Initiative (ZDI), which is the organizer of the Pwn2Own 2021, confirmed that participants earned a total of $1,210,000 of the $1.5 million prize pool. This is the highest total of ever, in 2020, participants earned $270,000 for their exploits, while in 2019 they earned $545,000.

You can find detailed chronicle of Day 1 and Day 2 at the following links:

Pwn2Own 2021 Day 1 – participants earned more than $500k

Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Hades ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.