- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
US Charges Alleged Hacker Over $54M DeFi Exploit
Authorities say Maryland resident Jonathan Spalletta exploited Uranium Finance smart contracts to steal millions in crypto.
Mar. 31, 2026 at 2:06am
Got story updates? Submit your updates here. ›
The Uranium Finance hacks exposed the vulnerability of DeFi platforms to sophisticated cyberattacks, costing victims millions in stolen cryptocurrency.NYC TodayUS authorities have unsealed an indictment against Maryland resident Jonathan Spalletta, accusing him of hacking the now-defunct decentralized finance platform Uranium Finance in 2021 and stealing over $54 million across two separate exploits. Prosecutors allege Spalletta used the stolen funds to purchase collectibles like Pokémon cards and Roman coins.
Why it matters
The Uranium Finance hacks highlight the ongoing security vulnerabilities in the DeFi space, where billions have been lost to exploits and hacks in recent years. This case underscores the need for stronger smart contract auditing and security measures to protect investors and platforms.
The details
According to the indictment, Spalletta carried out two hacks against Uranium Finance in April 2021. The first, on April 8, saw him exploit a smart contract flaw to withdraw far more cryptocurrency rewards than he was authorized. A private deal was later struck to return most of the $1.4 million stolen. In a larger second hack on April 28, Spalletta allegedly exploited an error in Uranium's withdrawal limit smart contract to steal $53.3 million in Bitcoin, Ether, and the platform's native U92 tokens. Prosecutors say Spalletta used the stolen funds to purchase collectibles like Pokémon cards, Roman coins, and a piece of fabric from the Wright brothers' airplane.
- On April 8, 2021, Spalletta allegedly exploited a smart contract flaw to steal $1.4 million from Uranium Finance.
- On April 28, 2021, Spalletta allegedly stole $53.3 million from Uranium Finance in a larger hack.
The players
Jonathan Spalletta
A Maryland resident accused of hacking the Uranium Finance DeFi platform and stealing over $54 million in two separate exploits in 2021.
Uranium Finance
A now-defunct decentralized finance platform that was hacked twice in April 2021, leading to its shutdown due to lack of funds.
Jay Clayton
The US Attorney for the Southern District of New York who announced the indictment against Spalletta.
What they’re saying
“Stealing from a crypto exchange is stealing—the claim that 'crypto is different' does not change that. For the victims, there is nothing different about having your money taken. Spalletta cost real victims real losses of tens of millions of dollars, and now he's under real arrest.”
— Jay Clayton, US Attorney, Southern District of New York
What’s next
Spalletta is due to be presented before US Magistrate Ona Wang to formally hear the charges against him, which include one count of computer fraud and one count of money laundering.
The takeaway
The Uranium Finance hacks underscore the ongoing security challenges in the DeFi space, where billions have been lost to exploits in recent years. This case highlights the need for stronger smart contract auditing and security measures to protect investors and platforms from such attacks.
