IRIS C2 Zero-Day Marketplace: How Two Convicted Fraudsters Jack Berkman and Jacob Wohl Launched a Government-Facing Exploit Trading Operation
IRIS C2, a newly emerged Virginia company, has drawn scrutiny from cybersecurity journalist Brian Krebs for its bold claims of purchasing zero-day vulnerabilities and selling offensive cyber tools to governments while being led by two individuals with documented histories of fraud and deception.
The firm appeared on social media in January 2025 and quickly began publishing content about vulnerabilities, artificial intelligence, and hacking tools. On its website, IRIS C2 presents itself as a provider of offensive cyber capabilities based in McLean, Virginia, offering rewards ranging from $10,000 to $7 million for zero-day exploits, exploit chain components, and fully developed attack tools targeting major software platforms.
The company actively recruits young researchers skilled at finding vulnerabilities and developing exploits, emphasizing that formal education or prior work experience is unnecessary and that talent and high intelligence are the primary criteria. According to data from the government contracting portal G2Exchange, the IRIS C2 website is managed by Calvexa Group LLC, a registered federal contractor in Virginia, although no direct government contracts appear in public records.
Founders' Criminal Background and Deceptive Practices
The address of Calvexa Group is linked to lobbyist Jack Berkman, who directed inquiries about IRIS C2 to his longtime partner Jacob Wohl. Both men have previously created fictitious intelligence companies, disseminated false accusations against American politicians, and participated in illegal robocall campaigns.
In 2022, Berkman and Wohl pleaded guilty to wire fraud charges in Ohio, receiving fines, probation, and community service. The Federal Communications Commission later imposed a $5.1 million penalty on the pair for robocall operations that spread false information about mail-in voting.
Wohl told KrebsOnSecurity that IRIS C2 initially focused on penetration testing before shifting to selling phone-hacking tools to government entities. He stated that the company takes vulnerabilities discovered by external researchers and develops them into stable, practically usable attack tools. Approximately 40 employees work at the firm, with instructions not to list IRIS C2 on LinkedIn, although independent verification of staff numbers has not been possible.
Neither Wohl nor Berkman holds formal education in computer science or information security; Wohl claims to have acquired the necessary knowledge independently. Earlier, the pair operated LobbyMatic, a platform allegedly using artificial intelligence for political lobbying, where they concealed their real identities from employees and clients, leading several staff members to resign upon discovering the true leadership.
In March 2026, journalist Molly White reported that Berkman and Wohl received $300,000 from an individual accused of stealing $65 million from cryptocurrency platforms KyberSwap and Indexed Finance, in exchange for efforts to secure a presidential pardon.