Pwn2Own Berlin, the first German edition of the renowned exploit competition, concluded with tremendous success as participants collectively earned over $1 million in prize money. Singapore-based STAR Labs emerged as the champion, claiming the prestigious “Master of Pwn” title. German contender Manfred Paul made his mark with an impressive Firefox exploit.

Competition Highlights and Zero-Day Discoveries

The three-day event ran alongside OffensiveCon, drawing security experts from around the globe who unveiled a remarkable collection of previously undiscovered vulnerabilities. In total, participants identified and demonstrated 28 different zero-day vulnerabilities, all purchased by the event's organizer, the Zero Day Initiative (ZDI) of security firm Trend Micro.

Following thorough analysis by ZDI’s expert team, these vulnerabilities will be responsibly disclosed to the affected manufacturers, many of whom had representatives on-site observing the competition.

Asian Teams Dominate the Leaderboard

The competition leaderboard was dominated by Asian security teams:

  1. STAR Labs (Singapore) – Overall champion with an impressive $320,000 bonus
  2. Viettel (Vietnam) – Security team from the Vietnamese telecommunications company secured second place
  3. Two French teams and the security researchers from Wiz rounded out positions 3-5

Figure: Pwn2Own Berlin 2025 – Day Three Leaderboard

German Representation Shows Technical Prowess

Manfred Paul, the sole German participant and a former “Master of Pwn” title holder, demonstrated his expertise by “popping calc” – Pwn2Own jargon for launching the Windows calculator through a security vulnerability. This achievement earned him $50,000, which also represents ZDI’s purchase price for the associated security vulnerability.

Target Systems and Vulnerability Distribution

Of the 28 vulnerabilities demonstrated at Pwn2Own Berlin, approximately 25% targeted AI products, including Nvidia’s Triton inference server. Other popular targets included:

  • Broadcom’s virtualization products
  • VMware
  • VirtualBox
  • Docker
  • Windows operating system

History and Evolution of Pwn2Own

Pwn2Own has been a cornerstone of the security research community since its inception in 2007. The name derives from “pwn to own” (essentially meaning “hack to possess”), originating from an initiative at the CanSecWest security conference where participants could win a MacBook and $10,000 if they successfully compromised it using a security vulnerability.

While successful participants still receive the laptops they hack during the competition, these devices have become secondary prizes compared to the six-figure monetary rewards now offered.

Notable Recent Pwn2Own Discoveries

The competition consistently reveals high-impact vulnerabilities. Recent examples include:

  • A significant vulnerability in Synology’s NAS operating system discovered during the November event in Ireland
  • In January 2025, hackers demonstrated running Doom on a car infotainment system (though this was only a video demonstration)

The Impact of Pwn2Own on Cybersecurity

Pwn2Own plays a vital role in the cybersecurity ecosystem by incentivizing ethical hackers to discover and responsibly disclose critical vulnerabilities. The competition creates a structured environment where security researchers can demonstrate their skills while contributing to improved security for widely-used software and hardware.

The identification of AI-related vulnerabilities at this year’s event highlights the growing importance of securing emerging technologies as they become increasingly integrated into critical infrastructure and everyday applications.

By facilitating the discovery of these vulnerabilities in a controlled setting, Pwn2Own helps prevent potential exploitation by malicious actors and strengthens the overall security posture of the technology industry.

About Pwn2Own and the Zero Day Initiative

The Zero Day Initiative operates as a program for rewarding security researchers for responsibly disclosing vulnerabilities. Created by TippingPoint (now part of Trend Micro), ZDI bridges the gap between independent security researchers and software vendors, encouraging responsible disclosure practices while providing recognition and compensation to those who identify vulnerabilities.

Pwn2Own represents ZDI’s flagship event, consistently attracting top security talent from around the world and serving as a barometer for the state of cybersecurity across various platforms and technologies.

Author

Editorial Team