A Maryland man was charged with computer fraud and money laundering in connection with his 2021 hacks of the decentralized cryptocurrency exchange Uranium Finance. The accused reportedly stole over $50 million in cryptocurrency across the two exploits.
According to the press release, Jonathan Spalletta, 36, of Rockville, Maryland, allegedly “engaged in a deceptive series of transactions with Uranium’s smart contract” on April 8, 2021.
This allowed him to withdraw far more cryptocurrency rewards than authorized. He reportedly drained roughly $1.4 million from the first hack. Spalletta told an individual:
“I did a crypto heist of $1.5MM a couple of weeks ago . . . There was a bug in a smart contract, and I exploited it . . . Crypto is all fake internet money anyway.”
After this, Spalletta allegedly extorted the exchange into letting him keep about $386,000 as a fake “bug bounty” to avoid prosecution.
On April 28, he exploited an error in the platform’s smart contract that governed the limit on the amount of crypto a user could withdraw from a pool.
That exploit hit 26 separate liquidity pools, netting approximately $53.3 million in various cryptocurrencies. Uranium Finance ceased operations due to the catastrophic loss.
“As alleged, Jonathan Spalletta repeatedly hacked smart contracts to steal millions of dollars’ worth of other people’s money for himself, and destroyed a cryptocurrency exchange in the process,” said US Attorney Jay Clayton.
Follow us on X to get the latest news as it happens
According to prosecutors, he laundered the stolen funds through a complex series of cryptocurrency transactions. He also used crypto mixer Tornado Cash, then went on a spending spree on rare collectibles and antique coins.
Federal agents seized approximately $31 million in cryptocurrency from Spalletta in February 2025. Spalletta surrendered Monday and faces up to 30 years in prison. The case is being prosecuted by the Complex Frauds and Cybercrime Unit.
“SPALLETTA, 36, of Rockville, Maryland, is charged with one count of computer fraud, which carries a maximum sentence of 10 years in prison; and one count of money laundering, which carries a maximum sentence of 20 years in prison,” the press release reads.
The charges come as exploits remain a persistent threat. Crypto-related theft exceeded $4 billion in 2025, a 34% annual increase, according to PeckShield. Smart contract vulnerabilities accounted for a significant share of those losses.
Subscribe to our YouTube channel to watch leaders and journalists provide expert insights
