Uranium Finance Hack: $54M Theft Charges, 30 Years for Spalletta

US prosecutors have charged Maryland resident Jonathan Spalletta in the Uranium Finance hack, alleging he stole about $54m worth of crypto tied to the now-defunct BNB Chain DeFi exchange. The indictment covers two April 2021 attacks. The first (Apr 8) allegedly exploited a smart-contract issue to drain about $1.4m; a reported private settlement returned most funds, leaving roughly $386,000 unrecovered. The second (Apr 28) allegedly exploited a withdrawal coding error, sweeping 26 liquidity pools and stealing about $53.3m in Bitcoin (BTC), Ether (ETH), and Uranium’s U92 token. Uranium Finance shut down soon after. Prosecutors also allege Spalletta moved and concealed proceeds using swaps and mixing services, including Tornado Cash. Spalletta faces one count of computer fraud and one count of money laundering, with up to 30 years if convicted. For traders, this Uranium Finance hack case highlights how older DeFi thefts can re-emerge in enforcement after large recoveries—usually more relevant for ecosystem risk sentiment than for near-term BTC or ETH price direction.