The world of ethical hacking saw an unexpected turn at the Pwn2Own Ireland 2025 competition, where an eagerly anticipated attempt to exploit WhatsApp Messenger for a record 1 million dollar prize was withdrawn at the last moment. Pwn2Own rewards researchers who responsibly discover and disclose zero day vulnerabilities, and this year’s final day promised a high stakes demonstration.
The researcher known as Eugene, representing Team Z3, had been expected to reveal a zero click remote code execution exploit for WhatsApp. Such an exploit would have marked a major security finding and carried the largest single reward ever offered by the contest. Instead, organizers confirmed that Team Z3 pulled the entry, citing that their research was not ready for public demonstration.
Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative which runs Pwn2Own events, said Team Z3 withdrew because they did not feel their work was ready. Childs added that Meta remains interested in receiving any valid findings, and that ZDI analysts will perform an initial assessment before passing material to Meta engineers for triage.
The withdrawal sparked speculation across security forums and social media about whether a viable exploit had existed at all. Meta offered a measured response, telling press outlets that it was disappointed Team Z3 did not present a viable exploit but that it was in contact with ZDI and the researchers to understand submitted research and to triage lower risk issues received.
The company reiterated that it welcomes valid reports through its bug bounty program and values collaboration with the security community. When approached, Eugene told Security Week that the matter would remain private between Meta, ZDI and the researcher, declining further comment. No public demonstration took place and the million dollar prize remained unclaimed.
The episode highlights the pressures researchers face at high profile competitions, the importance of coordinated disclosure, and the fine line between proving a vulnerability and ensuring it can be safely handled. For vendors, competitions like Pwn2Own continue to be a vital source of intelligence about real world security risks, even when the most dramatic moments fail to materialize.
