Maryland Man Faces 30 Years for $54M Uranium Finance DeFi Hacks

A Maryland man has been indicted and faces up to 30 years in prison for allegedly orchestrating two hacks that drained over $54 million from the decentralized exchange Uranium Finance in 2021, leading to its collapse. Jonathan Spalletta, 36, surrendered to authorities and was charged by the U.S. Attorney's Office for the Southern District of New York with one count of computer fraud and one count of money laundering.

The first exploit occurred on April 8, 2021, just days after Uranium Finance's launch. Spalletta allegedly manipulated a smart contract vulnerability to withdraw more rewards than authorized, stealing roughly $1.4 million. A private deal later saw all but $386,000 returned. A more devastating second attack followed on April 28, 2021. Prosecutors allege Spalletta exploited an error in the platform's withdrawal limit smart contract across 26 liquidity pools, siphoning approximately $53.3 million in cryptocurrency, including Bitcoin (BTC), Ether (ETH), and the platform's native U92 token. This massive theft left the exchange insolvent, forcing it to shut down.

U.S. Attorney Jay Clayton stated, "Stealing from a crypto exchange is stealing—the claim that 'crypto is different' does not change that. For the victims, there is nothing different about having your money taken." He added that Spalletta dismissed his actions by saying, "Crypto is just fake internet money anyway."

Authorities traced the stolen funds to unusual purchases, including rare Pokémon and Magic: The Gathering trading cards, antique Roman coins, and a piece of fabric from the original Wright brothers' airplane. In February 2025, U.S. authorities seized approximately $31 million in cryptocurrency linked to the hacks. Spalletta was presented before U.S. Magistrate Ona Wang to formally hear the charges.

The case underscores the persistent risks of smart contract vulnerabilities in DeFi and signals prosecutors' growing focus on treating such technical exploits as traditional financial fraud, with an increasing capability to trace and recover digital assets.