The last word in password recovery.
offspec.io is a dedicated team of hackers and entrepreneurs specializing in password recovery from hardware and software wallets. We have successfully freed over $2MM USD of cryptocurrency since our founding in 2021.
Hacking isn't like you see in the movies. Even though it feels like magic, it takes a focused, intense amount of effort without much glitz and glamour. It's like solving a complex puzzle that comes with highs, lows, and everything in between.
We want to bring you along on the ride to observe, ask questions, and learn about what we're doing. We take pride in being open, transparent, and honest in our work. After all, it's your cryptocurrency - we're just helping you free it.
Our first step is to acquire as much information as possible about your wallet through vendor documentation and other open-source intelligence methods. We will check our knowledge base and community contacts for any existing research or vulnerabilities to aid in our success. If you have a software wallet, we will ask for anything you remember about your PIN, password, or passphrase.
Next, we will set up an environment to ensure that we have a well-defined base on which to perform our work. For a hardware wallet, this means obtaining identical versions of the device to use for experimentation and testing. For a software wallet, this means acquiring and installing the same version of the wallet software that you originally used.
Our wallet(s) will be configured to match what you know about your wallet, so we're mimicking the real world as closely as possible.
Determining how to hack a wallet can take days, weeks, or months of effort. This is highly dependent on known vulnerabilities we can exploit to give us an advantage.
For a hardware wallet, there are a number of steps to take, such as:
Understanding general design philosophy and identifying the core components through non-destructive imaging and/or product teardown.
Reverse engineering the design through signal monitoring, protocol decoding, firmware extraction, and/or chip-level analysis.
Creating a list of potential attacks based on our research.
Iterating through the attacks until we are successful.
For a software wallet, we would write any necessary scripts, modules, or programs for use with our password cracking tools. We may also perform static or dynamic code analysis to identify weaknesses in the software wallet's cryptographic implementation that may reduce the time required for the attack.
Once we've successfully achieved an attack, we will ensure that we can replicate it in the most reliable way with minimal risk of data loss. Only after we prove this to your satisfaction do we move forward to hack your actual device.
It's time to recover your funds! Depending on the circumstances, you'll meet us on-site at our lab to deliver your hardware wallet or data from your software wallet and watch the attack unfold in real time or we'll work independently on the attack and share our process through still images, video, and screen captures. Alternatively, we may travel to your facility to perform the attack to ensure that chain-of-custody requirements are maintained.
In The News