US prosecutors have charged a Maryland man with stealing more than $53 million worth of cryptocurrency through attacks on the Uranium Finance exchange, according to an unsealed indictment.
The defendant, 36-year-old Jonathan Spalletta, is accused of carrying out two separate attacks against the decentralized exchange in April 2021. Authorities allege that he exploited vulnerabilities in the platform’s smart contracts to drain funds from its liquidity pools.
According to prosecutors, the first attack took place on April 8, when the defendant allegedly abused a flaw in a reward calculation mechanism known as the AmountWithBonus variable. This allowed him to issue withdrawal commands that generated payouts he was not entitled to receive, resulting in the theft of approximately $1.4 million in cryptocurrency.
The indictment states that after the initial breach, the defendant communicated with the platform and arranged to return part of the stolen funds. In exchange, Uranium Finance assigned approximately $386,000 to him as a bug bounty payment, according to court documents.
Prosecutors allege that the defendant conducted a second attack on April 28, exploiting a separate coding error in the platform’s transaction verification logic. The flaw reportedly caused the system to process values incorrectly, enabling the removal of a significantly larger amount of cryptocurrency.
Authorities stated that the combined impact of the two attacks resulted in losses exceeding $53 million. Following the incidents, Uranium Finance ceased operations due to the loss of funds, according to the indictment.
The charges also include allegations that the defendant attempted to conceal the origin of the stolen cryptocurrency by transferring it through a mixing service, a method commonly used to obscure transaction trails on blockchain networks.
Spalletta appeared before a US magistrate judge after surrendering to law enforcement. Prosecutors stated that the investigation involved tracking blockchain transactions linked to the alleged attacks.
The case remains ongoing, and the charges outlined in the indictment have not been proven in court.