Written by Stephen Katte,Staff Writer
Reviewed by Felix Ng,Staff EditorAlleged $54M Uranium Finance hacker faces 30 years in prison
54 minutes agoProsecutors allege the stolen funds were used to purchase collectibles, including Pokémon cards, antique Roman coins and a piece of fabric from the Wright brothers' plane.
Cointelegraph in your social feed
Subscribe on Follow ourUS authorities have unsealed an indictment against the man accused of hacking Uranium Finance, a now-defunct decentralized finance platform that lost over $54 million across two exploits in 2021.
The US Attorney's Office for the Southern District of New York on Monday accused Maryland resident Jonathan Spalletta of carrying out two separate hacks against Uranium Finance in April 2021. He also surrendered to authorities on Monday.
In a statement, US Attorney Jay Clayton said Spalletta exploited smart contracts to steal millions from Uranium Finance, causing the exchange to shut down due to a lack of funds.
“Stealing from a crypto exchange is stealing—the claim that ‘crypto is different’ does not change that. For the victims, there is nothing different about having your money taken. Spalletta cost real victims real losses of tens of millions of dollars, and now he’s under real arrest,” he added.
Uranium Finance was a BNB Chain fork of automated market maker Uniswap, which launched in April 2021 during the bull market. Its website shuttered after the second hack, and victims have been left with few answers since.
Two hacks in the same month killed the exchange
Uranium Finance suffered a $1.4 million hack on April 8, 2021, only a few days after launching, when a bad actor exploited a smart contract to “withdraw far more rewards in cryptocurrency” than they were authorized to receive, according to the US Attorney's Office of the Southern District of New York.
A private deal was later struck between the platform and the hacker, resulting in the return of all but $386,000 of the stolen funds.
In a larger, second hack a few weeks later, on April 28, a bad actor exploited an error in the Uranium smart contract governing withdrawal limits across 26 separate liquidity pools to steal $53.3 million in crypto, which included Bitcoin (BTC), Ether (ETH) and “U92” tokens, the platform's native coin.
Funds allegedly spent on Pokémon cards, Roman coins
Prosecutors alleged the stolen funds were used to purchase collectibles, including Pokémon cards, antique Roman coins and a piece of fabric from the Wright brothers’ original airplane. The items were seized during a search of Spalletta’s residence.
Related: Fenbushi co-founder offers bounty to recover $42M lost in 2022 hack
In February of last year, authorities seized $31 million in cryptocurrency tied to the hack but released no details at the time.
Spalletta has been charged with one count of computer fraud, carrying a possible sentence of up to 10 years, and one count of money laundering, carrying a possible sentence of up to 20 years.
He was due to be presented on Monday before US Magistrate Ona Wang to formally hear the charges.
It’s estimated that bad actors stole more than $2.6 billion through hacks and exploits in 2021, with the largest coming from a $610 million attack on the cross-chain DeFi protocol Poly Network. The hacker later returned the funds, with the team describing it as a white-hat action.
Magazine: Morgan Stanley Bitcoin ETF undercuts BlackRock, SBF pardon unlikely: Hodler’s Digest, Mar. 22 – 28
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy
