
Hacker charged with stealing $53 million from Uranium crypto exchange

Why This Matters

This case highlights the ongoing vulnerabilities in decentralized crypto exchanges and underscores the importance of robust security measures to protect investors' assets. It also demonstrates that, despite the perception of crypto as 'fake internet money,' the financial losses and legal consequences are very real for both victims and perpetrators. The incident serves as a reminder for consumers and the industry to prioritize security and transparency in crypto operations.

Key Takeaways

U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer.

36-year-old Jonathan Spalletta (known online as "Cthulhon" and "Jspalletta") appeared in court before U.S. Magistrate Judge Ona T. Wang after surrendering to law enforcement on Monday.

Spalletta hacked the decentralized cryptocurrency exchange Uranium (which operated as an automated market maker similar to Uniswap) in April 2021, stealing approximately $53.3 million worth of cryptocurrency and forcing the company to shut down due to a lack of funds.

"As alleged, Jonathan Spalletta repeatedly hacked smart contracts to steal millions of dollars' worth of other people's money for himself, and destroyed a cryptocurrency exchange in the process," said U.S. Attorney Jay Clayton.

"In describing his alleged 'heist,' Spalletta told another individual 'Crypto is just fake internet money anyway.' Stealing from a crypto exchange is stealing—the claim that 'crypto is different' does not change that. For the victims, there is nothing different about having your money taken. Spalletta cost real victims real losses of tens of millions of dollars, and now he's under real arrest."

According to the unsealed indictment, the defendant carried out two separate attacks. During the first breach, on April 8, Spalletta exploited a flaw in Uranium's smart contract code, abusing the AmountWithBonus variable to issue zero-token withdrawal commands that forced the exchange to pay rewards he was not entitled to receive, draining the liquidity pool of approximately $1.4 million.

Figure: Tracing stolen Uranium Finance funds (TRM Labs)

Spalletta then extorted Uranium into assigning nearly $386,000 of the stolen funds as a sham "bug bounty" in exchange for returning the remainder to the crypto exchange.

Three weeks later, on April 28, he struck again, exploiting a separate single-character coding error that caused Uranium's transaction-verification logic to use 1,000 instead of 10,000.

This allowed Spalletta to withdraw nearly 90% of the assets held across 26 separate liquidity pools while depositing effectively zero tokens, netting him approximately $53.3 million (the overwhelming majority of Uranium's holdings) and forcing the crypto exchange to shut down immediately.
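The sketch below is an added illustration, not code from the indictment or from Uranium's contracts. It models a Uniswap-v2-style constant-product check and shows why a 1,000 versus 10,000 mismatch lets the pool keep only about 10% of each reserve, and how an independent invariant test catches it. Where the constants sit in the check, the fee value, and all pool numbers are assumptions constructed for the example.

```python
# Added illustration: simplified Uniswap-v2-style swap check, not Uranium's contract.
FEE_SCALE = 10_000  # balances are multiplied by this before the fee is subtracted
FEE_UNITS = 16      # assumed fee per FEE_SCALE units of input (hypothetical value)

def swap_passes(reserves, balances, amounts_in, check_scale):
    """True if the verification step accepts the swap.

    reserves:    (r0, r1) pool reserves before the swap
    balances:    (b0, b1) pool balances after the swap
    amounts_in:  (in0, in1) tokens the trader deposited
    check_scale: constant applied to the reserves side of the comparison
    """
    adj0 = balances[0] * FEE_SCALE - amounts_in[0] * FEE_UNITS
    adj1 = balances[1] * FEE_SCALE - amounts_in[1] * FEE_UNITS
    # Both sides must use the same scale; adj0*adj1 carries FEE_SCALE**2.
    return adj0 * adj1 >= reserves[0] * reserves[1] * check_scale ** 2

def k_preserved(reserves, balances):
    """Independent property: the reserve product must never shrink."""
    return balances[0] * balances[1] >= reserves[0] * reserves[1]

def audit(reserves, balances, amounts_in, check_scale):
    """Report swaps that the check accepts although the product shrank."""
    accepted = swap_passes(reserves, balances, amounts_in, check_scale)
    preserved = k_preserved(reserves, balances)
    return {"accepted": accepted, "k_preserved": preserved,
            "violation": accepted and not preserved}

# Constructed sample pool and swaps (not real on-chain values).
RESERVES = (1_000_000, 1_000_000)
FAIR = ((1_010_000, 990_200), (10_000, 0))  # pays 10,000 of token0 for 9,800 of token1
UNDERPAID = ((100_001, 100_000), (1, 0))    # pays 1 unit, pool keeps about 10% of each side

if __name__ == "__main__":
    for name, (balances, paid) in (("fair", FAIR), ("underpaid", UNDERPAID)):
        for scale in (10_000, 1_000):
            print(name, scale, audit(RESERVES, balances, paid, scale))
```

With the mismatched constant the right-hand side is 100 times too small, so the product of the reserves may fall to 1% of its prior value, which is 10% of each side. A property test that asserts `k_preserved` on every accepted swap fails immediately on such a build.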
