A US national was charged with hacking the decentralized cryptocurrency exchange Uranium Finance and causing it to shut down.
The individual, Jonathan Spalletta, 36, of Rockville, Maryland, allegedly exploited smart contract vulnerabilities at Uranium twice in 2021 to drain large amounts of cryptocurrency in one of the largest decentralized finance (DeFi) cyber incidents at the time.
The first hack occurred on April 8, 2021, when Spalletta exploited the protocol’s reward distribution system to withdraw roughly $1.4 million in funds, the indictment alleges.
Subsequently, he extorted Uranium to allow him to keep approximately $386,000 of the funds as a fake bug bounty reward and returned roughly $1 million to the crypto exchange.
On April 28, Spalletta exploited another smart contract vulnerability in Uranium to withdraw more funds than he should have been allowed to.
The bug allowed him to steal approximately $53.3 million in cryptocurrency across 26 Uranium liquidity pools, effectively draining the exchange and causing it to shut down.
According to the indictment, Spalletta laundered the funds through a series of cryptocurrency transactions, including using the crypto mixer Tornado Cash.
The US sanctioned the mixer in 2022 for being a hub for laundering stolen funds, but lifted the sanctions in March last year.
Spalletta used the laundered money to purchase collectible items, such as Magic Cards, Pokémon Cards, and antique Roman coins, collectively worth millions.
In February last year, US law enforcement announced the seizure of approximately $31 million in cryptocurrency that Spalletta had fraudulently obtained from Uranium.
The funds had been converted into various virtual currencies and stored in dormant wallets for roughly three years before being moved again in 2024.
Spalletta, who surrendered himself, was charged with computer fraud and money laundering. If found guilty, he could be sentenced to 10 years in prison for fraud and 20 years in prison for money laundering.
Related: Alleged RedLine Malware Administrator Extradited to US
Related: Russian Cybercriminal Gets 2-Year Prison Sentence in US
Related: US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator
Related: DeFi Protocol Balancer Starts Recovering Funds Stolen in $128 Million Heist
