Maryland Man Charged in $53M Cryptocurrency Heist Targeting Uranium Finance
A 36-year-old Maryland man, Jonathan Spalletta, has been charged with stealing over $53 million from the Uranium Finance cryptocurrency exchange in two separate attacks in April 2021. The alleged breaches exploited vulnerabilities in the platform’s smart contract code, draining nearly 90% of its assets and forcing its shutdown.
Prosecutors allege Spalletta manipulated a rewards system to withdraw $1.4 million, negotiated a fraudulent $386,000 bug bounty, and later exploited a coding error to siphon funds from 26 liquidity pools. The second attack, occurring three weeks after the first, resulted in the theft of approximately $53.3 million.
The stolen cryptocurrency was laundered through decentralized exchanges and the Tornado Cash mixer before being used to purchase rare collectibles, including trading cards and an ancient coin. In February 2025, authorities seized assets from Spalletta’s residence, recovering about $31 million in cryptocurrency tied to the case.
Spalletta faces charges of computer fraud (up to 10 years in prison) and money laundering (up to 20 years). U.S. Attorney Jay Clayton emphasized that the case underscores the risks of vulnerabilities in decentralized finance platforms.
Source: https://www.infosecurity-magazine.com/news/man-charged-uranium-crypto-hack/
Uranium cybersecurity rating report: https://www.rankiteo.com/company/uranium-finance
"id": "URA1775060765",
"linkid": "uranium-finance",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'FinTech/Decentralized Finance (DeFi)',
'name': 'Uranium Finance',
'type': 'Cryptocurrency Exchange'}],
'attack_vector': 'Smart contract vulnerability exploitation',
'date_detected': '2021-04',
'description': 'A 36-year-old Maryland man, Jonathan Spalletta, has been '
'charged with stealing over $53 million from the Uranium '
'Finance cryptocurrency exchange in two separate attacks in '
'April 2021. The alleged breaches exploited vulnerabilities in '
'the platform’s smart contract code, draining nearly 90% of '
'its assets and forcing its shutdown.',
'impact': {'brand_reputation_impact': 'Significant',
'downtime': 'Platform shutdown',
'financial_loss': '$53.3 million',
'operational_impact': 'Nearly 90% of assets drained',
'systems_affected': 'Uranium Finance cryptocurrency exchange'},
'investigation_status': 'Ongoing (charges filed)',
'lessons_learned': 'Risks of vulnerabilities in decentralized finance '
'platforms',
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': ['Smart contract vulnerabilities',
'Inadequate code review']},
'references': [{'source': 'U.S. Department of Justice'}],
'regulatory_compliance': {'legal_actions': 'Charges filed (computer fraud, '
'money laundering)'},
'response': {'law_enforcement_notified': 'Yes',
'recovery_measures': 'Asset seizure ($31 million recovered)'},
'threat_actor': 'Jonathan Spalletta',
'title': 'Maryland Man Charged in $53M Cryptocurrency Heist Targeting Uranium '
'Finance',
'type': 'Cryptocurrency Heist',
'vulnerability_exploited': ['Rewards system manipulation',
'Coding error in liquidity pools']}