Key TakeawaysFederal authorities have indicted Jonathan Spalletta, 36, from Rockville, Maryland, on charges of computer fraud and money launderingThe defendant allegedly exploited Uranium Finance on two separate occasions in April 2021, extracting more than $50 million in digital assetsStolen funds were allegedly funneled through Tornado Cash and used to acquire high-value collectibles including rare trading cards and historical artifactsFederal agents recovered approximately $31 million in cryptocurrency connected to the breach during February 2025 seizuresIf found guilty on all charges, Spalletta could receive a maximum prison sentence of 30 yearsFederal authorities have brought criminal charges against Jonathan Spalletta, a 36-year-old Rockville, Maryland resident, alleging he orchestrated two separate cyberattacks against the Uranium Finance decentralized exchange platform during April 2021, draining the platform of more than $50 million in cryptocurrency.(1/2) Uranium migration has been exploited, the following address has 50m in it The only thing that matters is keeping the funds on BSC, everyone please start tweeting this address to Binance immediately asking them to stop transfers.— Uranium Finance (@UraniumFinance) April 28, 2021The criminal indictment was made public by prosecutors from the Southern District of New York this past Monday. Spalletta voluntarily turned himself in to federal authorities in Manhattan that same day and made his initial court appearance before U.S. Magistrate Judge Ona Wang.Uranium Finance operated as a BNB Chain-based derivative of the popular automated market maker protocol Uniswap. The platform went live in April 2021 but was forced to cease operations shortly thereafter following the devastating attacks that depleted its treasury.The initial breach took place on April 8, 2021, merely days following the platform’s official launch. According to prosecutors, Spalletta identified and exploited a vulnerability within Uranium’s reward distribution system, enabling him to extract significantly more cryptocurrency than his account permissions allowed, netting approximately $1.4 million in the process.Following the initial incident, both parties entered into a private settlement arrangement. Spalletta engaged in negotiations for what authorities now characterize as a fraudulent “bug bounty” agreement, returning the majority of the stolen assets while retaining roughly $386,000 for himself.The more substantial and damaging attack occurred on April 28, 2021. Prosecutors allege Spalletta discovered and exploited a critical flaw in the smart contract code that managed withdrawal restrictions across 26 separate liquidity pools, successfully stealing $53.3 million worth of various cryptocurrencies, including Bitcoin, Ethereum, and the platform’s native U92 token.In the aftermath of the second major exploit, Uranium Finance took its website offline permanently, leaving affected users with minimal information regarding the incident’s circumstances or the identity of those responsible.During February 2025, law enforcement agencies successfully seized roughly $31 million in cryptocurrency assets directly linked to these exploits. At that time, officials declined to reveal any information about potential suspects.Alleged Laundering Scheme and Luxury PurchasesAccording to the prosecution’s allegations, Spalletta employed sophisticated laundering techniques involving numerous transactions to obscure the origin of the stolen cryptocurrency, including routing funds through Tornado Cash, a privacy-focused cryptocurrency mixing service.He subsequently allegedly converted the illicit proceeds into premium collectible items. These acquisitions included a highly coveted Black Lotus Magic: The Gathering card purchased for approximately $500,000, along with 18 unopened Alpha edition booster packs totaling roughly $1.5 million.Additional alleged purchases encompassed first-edition Pokémon card sets valued at over $1 million, an ancient Roman “Eid Mar” commemorative coin acquired for about $601,500, and a fragment of fabric from the Wright brothers’ historic first airplane. Law enforcement recovered these items during a search operation at his residence.According to communications referenced in the criminal indictment, Spalletta reportedly told an acquaintance: “I did a crypto heist … Crypto is all fake internet money anyway.”Legal Consequences and Maximum PenaltiesSpalletta is charged with one count of computer fraud, punishable by up to 10 years of incarceration, alongside one count of money laundering, which carries a maximum penalty of 20 years in prison.U.S. Attorney Jay Clayton stated: “Stealing from a crypto exchange is stealing — the claim that ‘crypto is different’ does not change that.”This prosecution represents the first instance where a specifically identified defendant has been publicly connected to the Uranium Finance incident, occurring more than four years following the original attacks.The post Rockville Resident Indicted for $50M Uranium Finance Crypto Heist From 2021 appeared first on Blockonomi.