A Maryland resident faces up to 30 years in prison following charges for hacking decentralized exchange Uranium Finance. Prosecutors allege Jonathan Spalletta stole $54 million through smart contract exploits in 2021. The indictment highlights the legal consequences of exploiting DeFi vulnerabilities. Authorities filed the charges in the U.S. Attorney's Office for the Southern District of New York on Monday. This case underscores the growing scrutiny on cryptocurrency security and the legal frameworks governing digital assets.
Charges and Sentencing
Spalletta faces one count of computer fraud, carrying a maximum sentence of 10 years. He also faces one count of money laundering, which carries up to 20 years in prison. The combined maximum penalty totals 30 years behind bars according to federal sentencing guidelines. Prosecutors emphasize that the severity of the charges reflects the scale of the financial loss involved.
The Hacks and Recovery
Prosecutors say that Spalletta first hacked the exchange in April 2021. He allegedly engaged in a deceptive series of transactions with the exchange's smart contracts to make it seem like he could withdraw more rewards than he should have received. He continued those transactions until the liquidity pool was drained, pulling out about $1.4 million in that one hack. A few weeks later, Spalletta then took advantage of another error in the Uranium smart contract and was able to get $53.3 million, causing the exchange to shut down because there was a lack of funds.
In February 2025, authorities in the U.S. said they seized $31 million worth of crypto in the April 2021 hack. This recovery represents roughly 57% of the stolen funds but leaves a large gap in restitution for victims. The seized assets will likely be returned to the exchange or distributed to affected users through legal channels. This action demonstrates the increasing capability of law enforcement to track and recover digital assets.
Spalletta laundered the funds and used them to buy millions of dollars in rare Pokémon and Magic: The Gathering trading cards. He also purchased a piece of fabric from the original Wright brothers' airplane that was subsequently transported to the surface of the moon by astronaut Neil Armstrong on the first moon landing. These purchases illustrate the unique and sometimes eccentric spending habits of high-value crypto criminals. The items serve as tangible evidence of the illicit funds in the ongoing investigation.
U.S. Attorney Jay Clayton issued a statement regarding the case. "As alleged, Jonathan Spalletta repeatedly hacked smart contracts to steal millions of dollars worth of other people's money for himself, and destroyed a cryptocurrency exchange in the process," Clayton said. Clayton added that stealing from a crypto exchange is stealing regardless of the medium. "Stealing from a crypto exchange is stealing — the claim that 'crypto is different' does not change that."
The case highlights the vulnerabilities inherent in decentralized finance protocols. Smart contracts are immutable by design, which means errors cannot be easily patched once deployed. Developers and users must conduct rigorous audits before interacting with new financial applications. This incident serves as a cautionary tale for the broader industry regarding code safety.
Legal experts suggest this prosecution sets a precedent for future crypto-related crimes. It signals that federal authorities are willing to pursue individuals who exploit blockchain technology for financial gain. The outcome of this trial will inform how similar cases are handled in the coming years. Regulatory bodies may introduce stricter requirements for exchange security and user protection.
