Hacker Charged - $53 Million Stolen from Uranium Crypto Exchange

What Happened

U.S. prosecutors have charged 36-year-old Jonathan Spalletta, known online as "Cthulhon" and "Jspalletta," with stealing more than $53 million after executing two sophisticated hacks against the Uranium Finance crypto exchange. Spalletta appeared in court after surrendering to law enforcement on Monday.

The Breaches

The first breach occurred on April 8, 2021, when he exploited a flaw in Uranium's smart contract code, manipulating the AmountWithBonus variable to issue zero-token withdrawal commands that drained approximately $1.4 million from the liquidity pool. Following this, he extorted the exchange, demanding nearly $386,000 of the stolen funds as a sham "bug bounty" in exchange for returning the remainder. On April 28, Spalletta struck again, exploiting a separate coding error that allowed him to withdraw nearly 90% of the assets held across 26 liquidity pools, netting him approximately $53.3 million and forcing the exchange to shut down.

Who's Affected

The U.S. Attorney's office emphasized that theft in the crypto space is no different from traditional theft, stating, "Crypto is just fake internet money anyway" does not excuse the crime.

What Data Was Exposed

Spalletta laundered the stolen assets through the Tornado Cash mixer, using the proceeds for high-value collectibles, including a rare "Black Lotus" Magic: The Gathering card for about $500,000, 18 sealed packs of Alpha Booster Magic cards for around $1.5 million, and an ancient Roman coin commemorating Julius Caesar's assassination for over $601,000. Law enforcement seized these collectibles and recovered approximately $31 million in cryptocurrency linked to Spalletta's wallets.

What You Should Do

He now faces up to 10 years in prison for computer fraud and up to 20 years for money laundering.