Maryland resident Jonathan Spalletta turned himself in to authorities on March 31, facing charges filed by the U.S. Attorney’s Office for the Southern District of New York (SDNY) over two hacking attacks he carried out in 2021 against the BNB Chain DeFi protocol Uranium Finance. The attacks caused more than $54 million in cryptocurrency losses and led to the platform being shut down.
Two Attacks in a Month: Struck Twice, Then the Platform Collapsed
Uranium Finance is a forked automated market maker (AMM) protocol on BNB Chain based on Uniswap, launched during the April bull market of 2021. The indictment shows that Spalletta carried out two precise attacks in less than a month:
First Attack (April 8): The platform had been live for only a few days. Spalletta used a vulnerability in smart contracts to extract cryptocurrency rewards far beyond what he was authorized to receive, stealing about $1.4 million. Afterward, Uranium Finance reached a private agreement with the hacker, recovering all of the stolen funds except $386,000.
Second Attack (April 28): The scale was dramatically upgraded. Spalletta exploited a critical contract flaw that affected withdrawal limits across 26 independent liquidity pools, stealing approximately $53.3 million in crypto assets, including Bitcoin (BTC), Ethereum (ETH), and the platform’s native token. After the second attack, the Uranium Finance website shut down, and victims have not received any compensation to date.
The Bizarre Fate of the Stolen Funds: Crypto Converted Into Historical Artifacts and Trading Cards
The indictment reveals the most unexpected uses of the stolen funds. During a search of Spalletta’s residence, law enforcement found the following items:
Pokémon Cards: A collection of rare cards purchased with stolen cryptocurrency
Ancient Roman coins: Physical ancient currency from the Roman Empire period
Lighter Brothers aircraft fabric: Rare historical artifact fragments taken from the original Lighter Brothers aircraft
In February 2025, authorities had previously seized approximately $31 million in cryptocurrency related to this case, but at the time, no details were made public. The publication of this indictment is what fully discloses the investigation results regarding the flow of funds.
Legal Charges: Computer Fraud and Money Laundering, Up to 30 Years in Prison
Spalletta faces two federal criminal charges: computer fraud, punishable by up to 10 years, and money laundering, punishable by up to 20 years; the two charges combined carry a maximum prison term of up to 30 years. He appeared before a U.S. district judge, Judge Ona Wang, to formally hear the indictment.
U.S. prosecutor Jay Clayton emphasized in a statement: “Stealing from a cryptocurrency exchange is theft, and the claim that ‘cryptocurrency is different’ cannot change that fact. Spalletta caused tens of millions of dollars in losses to real victims, and now he has been arrested.”
2021 was a particularly active year for DeFi hacking attacks, with total losses exceeding $2.6 billion for the year; the largest single incident was a $610 million event targeting the cross-chain protocol Poly Network (the attacker later voluntarily returned the funds). The special aspect of the Uranium Finance case is that victims still have not received any compensation to date.
Frequently Asked Questions
Why could Uranium Finance’s second hacking attack cause such massive losses?
The second attack exploited a logical vulnerability in Uranium’s smart contracts that controlled withdrawal limits for 26 independent liquidity pools. Through a single precise operation, the attacker bypassed the withdrawal limits of all pools, draining the vast majority of the protocol’s assets at once. The scale reached approximately $53.3 million, causing the platform to lose all liquidity and be forced to shut down permanently.
Why can buying Pokémon cards and ancient Roman coins be considered money laundering?
The legal elements of money laundering include disposing of proceeds of crime in any manner, making them appear to have a legitimate source or be difficult to trace. Converting stolen cryptocurrency into physical collectibles is a classic form of “layered” money laundering—turning digital assets into physical form, concealing the source of funds while preserving the value of the assets—which fits the legal definition of money laundering.
Can Uranium Finance victims receive compensation from this indictment?
Authorities seized approximately $31 million in cryptocurrency related to this case in February 2025. If there is a conviction, the court could issue an order for asset forfeiture and require compensation for victims. However, whether funds can be recovered and how much ultimately depends on the progress of the subsequent judicial proceedings. Victims currently face a high degree of uncertainty.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
A judge ruled that the JENNER meme coin issued by socialite Jenners from the Kardashian family is not a security, dismissing the lawsuit.
The U.S. District Court for the Central District of California ruled that the $JENNER meme coin issued by socialite Jenna, of the Kardashian family, does not meet the definition of a security, dismissing investors’ lawsuit. The judge said the plaintiffs failed to prove the features of a common enterprise and can bring other claims in state court.
ChainNewsAbmedia1h ago
Korean Counterfeit Gang Sells Fake Diplomas for Cryptocurrency, Starting at $200
A Korean counterfeit gang is selling forged documents via Telegram, accepting cryptocurrency and digital gift cards. They offer fake diplomas, licenses, and other legal documents, highlighting the role of cryptocurrency in facilitating anonymous transactions for illicit services. Arrests for forgery have nearly doubled in South Korea from 2021 to 2023.
GateNews5h ago
Hong Kong Police Warn of 'AI Quantitative Trading' Crypto Scam, Woman Loses HK$7.7 Million
Hong Kong police revealed a cryptocurrency fraud where a woman lost HK$7.7 million to scammers posing as investment experts via Telegram, promising high returns through AI trading. The police warned the public of the risks associated with cryptocurrency investments.
GateNews9h ago
Galaxy Research Chief: U.S. OFAC Sanctions List Involves 518 Bitcoin Addresses
The U.S. Treasury's OFAC sanctions list includes 518 Bitcoin addresses that have significantly engaged in crypto transactions, currently holding about 9,306 BTC valued at $707 million, highlighting the relationship between cryptocurrency and financial regulation.
GateNews15h ago
Chainalysis Details 'Shadow Crypto Economy' Exposure as Grinex Suspends Operations
Grinex’s shutdown is intensifying scrutiny of crypto laundering tactics, as fund movements suggest behavior inconsistent with typical enforcement actions. Chainalysis analysis highlights patterns that raise questions about whether the activity aligns with a conventional external hack or
Coinpedia04-18 16:51
SEC Crypto Shift Clarifies Rules Without Blanket Approval
The SEC has adopted a more lenient stance on crypto regulation, allowing some interfaces to operate without broker-dealer registration, but has not given blanket approval for the industry. Recent guidance clarifies how crypto assets are categorized, emphasizing that federal securities laws apply mainly to digital securities. Enforcement activity has decreased as the agency focuses on fraud and market integrity.
CryptoFrontier04-18 16:01
