What Are the Allegations Against Jonathan Spalletta?
A Maryland man is facing up to 30 years in prison after US prosecutors charged him in connection with two hacks targeting decentralized exchange Uranium Finance in 2021. According to an indictment filed in the US Attorney’s Office for the Southern District of New York, Jonathan Spalletta, 36, is accused of carrying out exploits that drained millions of dollars from the platform.
The charges include one count of computer fraud, which carries a maximum sentence of 10 years, and one count of money laundering, which could add up to 20 years if convicted. Prosecutors allege that Spalletta manipulated vulnerabilities in the exchange’s smart contracts to extract funds beyond what he was entitled to receive.
“As alleged, Jonathan Spalletta repeatedly hacked smart contracts to steal millions of dollars worth of other people’s money for himself, and destroyed a cryptocurrency exchange in the process,” said US Attorney Jay Clayton in a statement.
Clayton added that Spalletta dismissed the severity of his actions, quoting him as saying, “Crypto is just fake internet money anyway.”
How Did the Uranium Finance Hacks Unfold?
Prosecutors say the first exploit took place in April 2021, when Spalletta allegedly executed a series of deceptive transactions that allowed him to withdraw more rewards than permitted under the protocol’s design. He continued exploiting the vulnerability until the liquidity pool was drained, extracting roughly $1.4 million.
Weeks later, authorities allege he identified a separate flaw in the Uranium smart contract, enabling a second, much larger exploit. This attack resulted in losses of approximately $53.3 million and ultimately led to the shutdown of the exchange due to insufficient funds.
The scale of the second exploit highlights the risks associated with unaudited or poorly tested smart contracts, where a single vulnerability can compromise an entire protocol.
Investor Takeaway
What Happened to the Stolen Funds?
According to prosecutors, Spalletta laundered the proceeds from the hacks and used the funds to purchase a range of high-value items, including rare Pokémon and Magic: The Gathering trading cards. Among the more unusual purchases was a piece of fabric from the original Wright brothers’ airplane, later carried to the moon by astronaut Neil Armstrong during the first lunar landing.
The case also involves asset recovery efforts. In February 2025, US authorities announced the seizure of approximately $31 million in cryptocurrency tied to the April 2021 exploit. The recovery represents a partial clawback of funds, though a significant portion of the total losses remains unaccounted for.
What Does This Case Mean for DeFi Enforcement?
The indictment reflects continued enforcement focus on decentralized finance exploits, with prosecutors treating smart contract manipulation as equivalent to traditional financial fraud. The case underscores that technical complexity does not shield participants from legal accountability.
It also highlights the increasing ability of authorities to trace and recover digital assets, even in cases involving complex laundering strategies. As enforcement tools improve, participants in DeFi ecosystems face growing scrutiny over both exploit activity and the subsequent movement of funds.
