Key Highlights
Jonathan Spalletta was charged with computer fraud and money laundering in connection with two alleged hacks of Uranium Finance in April 2021.
The first exploit netted about $1.4 million, while the second drained about $53.3 million from 26 liquidity pools and forced Uranium to shut down.
Authorities said they seized cryptocurrency worth about $31 million in February 2025 and also recovered luxury collectibles allegedly bought with the stolen funds.
A Maryland man has been charged in connection with the 2021 hacks of the decentralized exchange Uranium Finance, which allegedly drained more than $54 million in crypto. The U.S. Attorney’s Office for the Southern District of New York said Jonathan Spalletta surrendered on March 30 and faces one count of computer fraud and one count of money laundering.
According to the indictment, the first hack occurred on April 8, 2021, when Spalletta allegedly exploited Uranium’s smart contract to withdraw far more reward tokens than he was entitled to. The attack brought in about $1.4 million. Uranium later agreed to let him keep about $386,000 as a supposed bug bounty in exchange for returning the rest.
A second exploit followed on April 28, 2021. In that attack, Spalletta allegedly used a flaw in Uranium’s withdrawal logic across 26 liquidity pools, taking about $53.3 million in cryptocurrency and leaving the platform without enough funds to continue operating.
The Justice Department said the stolen funds were later moved through a series of transactions, including via Tornado Cash. Prosecutors also allege that some of the proceeds were spent on high-value collectibles, including a Black Lotus card, sealed Alpha Booster packs, rare Pokémon cards, antique Roman coins, and other items.
Federal authorities seized cryptocurrency worth about $31 million on February 24, 2025. The case has been assigned to U.S. District Judge Jed S. Rakoff, and investigators asked potential victims of the Uranium hack to contact UraniumVictims@hsi.dhs.gov.
