$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal

Much of the cybersecurity community was disappointed to learn on Thursday that a researcher scheduled to demonstrate a $1 million WhatsApp exploit at the Pwn2Own hacking contest had withdrawn from the event, but it appears that some have correctly speculated regarding the exploit’s technical viability.  

A total of more than $1 million was paid out to the researchers who took part in the Pwn2Own Ireland 2025 contest organized this week by Trend Micro’s Zero Day Initiative (ZDI). Bounties ranging between a few thousand dollars and $100,000 were awarded to white hat hackers who publicly demonstrated exploits against printers, routers, NAS devices, smartphones, and smart home systems.

On Thursday, a researcher named Eugene (3ugen3) from a team called Team Z3 was scheduled to attempt to demonstrate a $1 million zero-click remote code execution exploit against WhatsApp, but the public demonstration did not take place.

ZDI initially said there ...