US Attorney’s Office for the Southern District of New York has unsealed an indictment against a Maryland man accused of carrying out two major hacks on the now-defunct DeFi platform Uranium Finance, which lost more than $54 million in 2021.
Authorities said Jonathan Spalletta has been charged with computer fraud and money laundering after allegedly exploiting vulnerabilities in the platform’s smart contracts. He surrendered to law enforcement and is expected to face the charges in federal court.
Two exploits led to platform collapse
According to prosecutors, the attacks took place in April 2021, shortly after Uranium Finance launched during the peak of the crypto bull market.
The first exploit occurred on April 8 when the attacker used a platform code flaw to withdraw more funds than permitted. The incident caused financial losses which reached approximately 1.4 million dollars.
Your completely free resource hub designed to boost your knowledge of cryptocurrencies
The platform reached a private settlement with the attacker which resulted in most of the stolen funds being returned while a small amount remained unrecovered, as the second attack caused greater damage than the first attack.
The attacker used a different vulnerability on April 28 to bypass all withdrawal restrictions which applied to different liquidity pools. Prosecutors confirmed that the second hack led to the theft of digital assets worth about $53.3 million which included Bitcoin Ethereum and the platform’s native tokens. The extent of financial losses forced Uranium Finance to stop its operations which stopped users from accessing their frozen funds.
Authorities track and seize assets
Investigators allege that a portion of the stolen funds was used to purchase high-value collectibles.
These included Pokémon cards, ancient Roman coins and historical memorabilia linked to early aviation. Authorities said these items were later seized during a search of the suspect’s residence.
In addition, US authorities confirmed that around $31 million in cryptocurrency connected to the case had been seized in 2025, though details were not disclosed at the time.
The charges carry significant penalties. The computer fraud count could lead to a sentence of up to 10 years, while the money laundering charge carries a maximum of 20 years.
DeFi vulnerabilities under scrutiny
The case demonstrates that decentralized finance platforms still face security threats which emerge from their reliance on automated market maker systems.
Uranium Finance operated as a Uniswap fork which used BNB Chain to create matching liquidity pool systems.
The platform suffered security breaches because its smart contracts contained vulnerabilities which hackers exploited during the DeFi platform expansion that occurred between 2020 and 2021.
The collapse of Uranium Finance left many users without compensation and became one of several high-profile incidents that raised concerns about security standards in the sector.
Broader trend of crypto-related hacks
The incident occurred during a time when various crypto security breaches were happening across the market. The total amount lost in 2021 because of hacks and exploits reached more than $2.6 billion according to industry estimates.
The Poly Network case stands as one of the most important security breaches because hackers stole $610 million yet returned the stolen assets after the company negotiated with them. The authorities have strengthened their investigation methods after they obtained blockchain analysis tools which enable them to trace stolen digital assets and track criminals in the cryptocurrency markets.
The most recent cases demonstrate that law enforcement officials have improved their capacity to retrieve stolen assets while they follow through with criminal investigations that originate from previous events.
Spalletta’s indictment shows the new investigation methods which allow police to investigate past cases. The US authorities use digital asset crimes to demonstrate that all digital asset violations receive equivalent treatment to traditional financial crime.
The case demonstrates to the crypto industry that security measures and transparent operations with accountable systems must remain essential elements for all decentralized platforms which will serve the upcoming users and institutional clients who will join this industry.
