Key Points
- Federal authorities charged Jonathan Spalletta, 36, with computer fraud and money laundering offenses
- Spalletta allegedly executed two separate attacks on Uranium Finance during April 2021, draining more than $50 million
- The stolen cryptocurrency was reportedly laundered via Tornado Cash and converted into high-value collectibles
- Federal agents recovered approximately $31 million in digital assets connected to the attacks in February 2025
- If found guilty on all charges, Spalletta could receive a maximum sentence of 30 years behind bars
Federal prosecutors have filed charges against Jonathan Spalletta, a 36-year-old Rockville, Maryland resident, accusing him of orchestrating two separate cyberattacks on the Uranium Finance decentralized exchange platform during April 2021 that resulted in losses exceeding $50 million.
(1/2)‼️ Uranium migration has been exploited, the following address has 50m in it The only thing that matters is keeping the funds on BSC, everyone please start tweeting this address to Binance immediately asking them to stop transfers.
— Uranium Finance (@UraniumFinance) April 28, 2021
The Southern District of New York unsealed the criminal indictment on Monday. The same day, Spalletta turned himself in to federal authorities in Manhattan and made his initial court appearance before U.S. Magistrate Ona Wang.
Uranium Finance operated as a BNB Chain-based derivative of the Uniswap automated market maker protocol. The platform went live in April 2021 but ceased operations soon after the breaches left it financially depleted.
The initial security breach took place on April 8, 2021, mere days following the platform’s debut. According to prosecutors, Spalletta took advantage of a vulnerability in Uranium’s reward distribution system to extract significantly more digital currency than permitted, netting approximately $1.4 million.
Following the initial breach, parties reached a private settlement. Spalletta participated in negotiations for what authorities characterize as a fraudulent “bug bounty” arrangement, returning the majority of stolen funds while retaining about $386,000.
The second, more devastating breach occurred on April 28, 2021. Spalletta allegedly leveraged a coding flaw in the smart contract that controlled withdrawal restrictions across 26 separate liquidity pools, absconding with $53.3 million worth of cryptocurrency including Bitcoin, Ether, and the platform’s native U92 token.
After the second attack, Uranium Finance took down its website, leaving affected users with minimal information regarding the incident or the perpetrator’s identity.
In February 2025, law enforcement confiscated roughly $31 million in cryptocurrency linked to the security breaches. At that juncture, authorities disclosed no information about a potential suspect.
Spending Pattern of Misappropriated Assets
According to federal prosecutors, Spalletta allegedly obscured the origin of stolen cryptocurrency through elaborate transaction chains, including utilizing Tornado Cash, a privacy-focused cryptocurrency mixing platform.
He subsequently allegedly converted the illicit proceeds into premium collectibles. His purchases reportedly included a Black Lotus Magic: The Gathering card valued at approximately $500,000 and 18 unopened Alpha booster packs costing roughly $1.5 million.
Additional alleged acquisitions included first-edition Pokémon collections valued above $1 million, an ancient Roman “Eid Mar” coin purchased for about $601,500, and a fragment of fabric from the Wright brothers’ historic aircraft. Law enforcement confiscated these items during a search of his home.
In correspondence referenced in the indictment, Spalletta reportedly told an acquaintance: “I did a crypto heist … Crypto is all fake internet money anyway.”
Criminal Charges and Maximum Penalties
Spalletta is charged with one count of computer fraud, carrying a maximum penalty of 10 years imprisonment, and one count of money laundering, which carries a maximum penalty of 20 years incarceration.
U.S. Attorney Jay Clayton stated: “Stealing from a crypto exchange is stealing — the claim that ‘crypto is different’ does not change that.”
These charges represent the first public identification of a suspect in the Uranium Finance incident, more than four years following the original attacks.
