Home News US Charges Hacker Behind $55 Million Uranium Finance Collapse
News

US Charges Hacker Behind $55 Million Uranium Finance Collapse

89

A US national has been charged for allegedly hacking the decentralized cryptocurrency exchange Uranium Finance, a breach that resulted in losses of approximately $55 million and ultimately forced the platform to shut down.

Jonathan Spalletta, 36, from Rockville, Maryland, is accused of exploiting smart contract vulnerabilities in 2021 in what became one of the largest decentralized finance (DeFi) attacks at the time.

Timeline of the Attacks

The first incident occurred on April 8, 2021, when Spalletta allegedly manipulated Uranium’s reward distribution system. This allowed him to withdraw about $1.4 million in cryptocurrency.

Following the attack, he reportedly contacted Uranium and negotiated a fake bug bounty arrangement. Under this agreement, he kept approximately $386,000 while returning around $1 million to the platform.

However, the activity did not stop there.

On April 28, 2021, Spalletta allegedly carried out a second, far more damaging exploit. By leveraging another vulnerability in Uranium’s smart contracts, he withdrew significantly more funds than permitted, draining roughly $53.3 million from 26 liquidity pools. This massive loss led to the exchange shutting down.

Laundering and Use of Stolen Funds

According to the indictment, Spalletta attempted to conceal the stolen cryptocurrency through complex transactions, including the use of the crypto mixer Tornado Cash.

The laundered funds were then used to purchase high-value collectibles, including:

  • Magic: The Gathering cards
  • Pokémon cards
  • Antique Roman coins

These assets were reportedly worth millions of dollars.

Law Enforcement Action

In February 2025, US authorities announced the seizure of approximately $31 million in cryptocurrency linked to the attack. The assets had been spread across multiple wallets and remained inactive for nearly three years before being moved again in 2024.

Spalletta later surrendered to authorities and now faces charges of:

  • Computer fraud
  • Money laundering

If convicted, he could face up to 10 years in prison for fraud and 20 years for money laundering.

Key Takeaway

This case highlights the risks associated with smart contract vulnerabilities in DeFi platforms. It also underscores how attackers may exploit systems multiple times and attempt to legitimize theft through tactics like fake bug bounty claims and sophisticated laundering methods.


1 Comment

  • This case highlights the real risks in DeFi platforms where smart contract flaws can lead to massive losses. It’s also a reminder that exploiting vulnerabilities for profit—especially under the guise of a “bug bounty”—still carries serious legal consequences.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...