Federal prosecutors have unsealed an indictment against a Maryland man, Jonathan Spalletta, accused of orchestrating massive cyberattacks against Uranium Finance, resulting in the catastrophic collapse of the decentralized cryptocurrency exchange. Investors and the platform faced devastating losses after the suspect allegedly exploited smart contract vulnerabilities to siphon approximately $54.7 million across two separate hacks before laundering the stolen assets.
The Uranium Finance collapse is a stark reminder that cryptocurrency platforms—particularly decentralized exchanges—can expose investors to catastrophic risk with little warning or recourse. If a licensed financial advisor or broker recommended you invest through Uranium Finance or a similar DeFi protocol, or if your cryptocurrency exchange account was compromised due to inadequate platform security, the experienced cryptocurrency lawyers at Meyer Wilson Werning are ready to assist you in evaluating your recovery options.
How the Uranium Finance Hacks Unfolded
According to the unsealed indictment from the U.S. Attorney’s Office for the Southern District of New York, Jonathan Spalletta (also known online as “Cthulhon” or “Jspalletta“) targeted the decentralized exchange’s liquidity pools in April 2021. Uranium Finance operated by allowing users to deposit and exchange various cryptocurrencies, but critical coding errors left the platform vulnerable to exploitation.
The alleged cyberattacks occurred in two distinct phases:
- The First Hack (April 8, 2021): Spalletta allegedly engaged in deceptive transactions with the exchange’s smart contract, withdrawing far more crypto “rewards” than authorized. By repeating the process, he drained the liquidity pool of approximately $1.4 million. He later extorted the exchange, keeping $386,000 as a sham “bug bounty” to evade prosecution while returning the remainder of that specific theft.
- The Second Hack (April 28, 2021): Exploiting a separate coding error governing withdrawal limits, the suspect drained 26 separate liquidity pools. This devastating breach fraudulently obtained approximately $53.3 million, forcing Uranium Finance to shut down immediately due to a complete lack of funds.
We Have Recovered Over
$350 Million for Our Clients Nationwide.
Where Did the Stolen Cryptocurrency Go?
Following the massive theft, prosecutors claim that Spalletta initiated a complex money laundering operation to hide the illicit funds. This included routing the stolen assets through the cryptocurrency mixer Tornado Cash.
After laundering the funds, the suspect allegedly used the money to purchase high-value, rare physical collectibles. The $54.7 million scheme funded the acquisition of:
- A “Black Lotus” Magic: The Gathering card for approximately $500,000
- 18 packs of sealed “Alpha Booster” Magic: The Gathering cards for approximately $1,512,500
- One sealed box of first edition “Booster” Pokémon Cards for approximately $257,500
- A first edition complete base set of Pokémon Cards for approximately $750,000
- An “Eid Mar Denarius” antique Roman coin commemorating the assassination of Julius Caesar for approximately $601,545
- A piece of fabric from the original Wright brothers’ airplane (later taken to the moon by astronaut Neil Armstrong) for approximately $137,500
Important Points: The Charges and Seizures
Law enforcement agencies, including Homeland Security Investigations (HSI), have taken significant steps to hold the accused accountable. On February 24, 2025, authorities executed a judicially-authorized seizure warrant, recovering approximately $31 million in stolen cryptocurrency from the suspect’s residence.
Jonathan Spalletta, 36, of Rockville, Maryland, surrendered to authorities and is currently facing severe legal consequences. He is charged with:
- One count of computer fraud, carrying a maximum sentence of 10 years in prison.
- One count of money laundering, carrying a maximum sentence of 20 years in prison.
U.S. Attorney Jay Clayton emphasized that stealing from a crypto exchange is no different from traditional theft, stating that the actions cost real victims real losses of tens of millions of dollars.
Our lawyers are nationwide leaders in investment fraud cases.
What the Uranium Finance Collapse Means for Cryptocurrency Investors
The collapse of Uranium Finance highlights the severe and hidden risks that investors face when participating in decentralized finance platforms and complex liquidity pools. Unlike regulated exchanges such as Coinbase, Gemini, or Kraken, decentralized protocols often lack the security infrastructure, insurance protections, and regulatory oversight that can give investors a path to recovery when things go wrong.
This case is also a reminder that the lines between traditional financial misconduct and emerging crypto fraud are blurring. In many cases, a licensed financial advisor or broker steered clients into risky crypto-related investments without proper disclosure—or a regulated exchange failed to implement adequate security, leaving customer accounts exposed to hacking and theft.
If a financial professional played a role in directing you toward a cryptocurrency investment that resulted in significant losses—or if your account on a regulated crypto exchange was hacked due to the platform’s negligent security practices—Meyer Wilson Werning can help. With more than 25 years of experience and over $350 million recovered for clients, our team has the deep legal expertise needed to hold bad actors and negligent platforms accountable. Contact us today for a free and confidential consultation to discuss your specific situation and learn whether you have a claim.
We Are The firm other lawyers
call for support.
Frequently Asked Questions
What happened to the Uranium Finance exchange?
Uranium Finance was a decentralized cryptocurrency exchange that suffered two massive cyberattacks in April 2021. Hackers exploited smart contract vulnerabilities, draining the platform’s liquidity pools and forcing it to permanently shut down due to a lack of funds.
How much money was stolen in the Uranium Finance hack?
The exchange lost approximately $54.7 million in total. The first hack on April 8, 2021, resulted in a loss of $1.4 million, while the second hack on April 28, 2021, drained approximately $53.3 million.
What are the charges against Jonathan Spalletta?
Jonathan Spalletta is facing one count of computer fraud and one count of money laundering. If convicted, he faces a maximum combined sentence of 30 years in federal prison.
Recovering Losses Caused by Investment Misconduct.