Uranium Finance hit by network compromise
Incident
Summary
Hide ▲
Show ▼
Uranium Finance suffered a two-stage smart-contract hack in April 2021 that drained about $53.3 million and forced the exchange to shut down. The attacks exploited flaws in the platform’s withdrawal and transaction-verification logic, letting the attacker move funds without legitimate deposits. The compromise wiped out most of the exchange’s liquidity and left the service unable to continue.
Related Happenings
KelpDAO hit by cyberattack
Incident
First: 21.04.2026 01:23
Last: 21.04.2026 01:23
Sources 1
About this happening:
KelpDAO suffered a cross-chain theft involving rsETH, prompting it to pause rsETH contracts after detecting suspicious activity on April 18, 2026. Reports estimate that about 116,...
KelpDAO hit by cyberattack
IncidentAbout this happening: KelpDAO suffered a cross-chain theft involving rsETH, prompting it to pause rsETH contracts after detecting suspicious activity on April 18, 2026. Reports estimate that about 116,...
Latest development: 21.04.2026 11:30
North Korea’s Lazarus Group targeted LayerZero Labs on April 18, 2026 by poisoning downstream RPC infrastructure, compromising two independent RPC nodes, swapping binaries on op-geth nodes, and forcing a DDoS-driven failover that let a forged cross-chain message pass and enable an unauthorized rsETH transfer.
Uranium Finance smart contract flaws actively exploited security flaw
Vulnerability
First: 31.03.2026 18:30
Last: 31.03.2026 18:30
Sources 1
How related:
Officials said the alleged attacks involved exploiting flaws in smart contract code.
About this happening:
In **April 2021**, **Uranium Finance** smart contract flaws were **actively exploited** to drain funds from liquidity pools, including a **rewards calculation** weakness and a **t...
Uranium Finance smart contract flaws actively exploited security flaw
VulnerabilityHow related: Officials said the alleged attacks involved exploiting flaws in smart contract code.
About this happening: In **April 2021**, **Uranium Finance** smart contract flaws were **actively exploited** to drain funds from liquidity pools, including a **rewards calculation** weakness and a **t...
Jonathan Spalletta Cthulhon Jspalletta indicted in Jonathan Spalletta / Uranium Finance hack and laundering case
Law Enforcement
First: 31.03.2026 12:15
Last: 31.03.2026 12:15
Sources 1
How related:
Jonathan Spalletta, 36, appeared in court after surrendering to law enforcement, according to US prosecutors.
About this happening:
**U.S. prosecutors** charged **Jonathan Spalletta** in a **federal cybercrime** case tied to the **Uranium Finance** hack, alleging more than **$53 million** in stolen crypto was...
Jonathan Spalletta Cthulhon Jspalletta indicted in Jonathan Spalletta / Uranium Finance hack and laundering case
Law EnforcementHow related: Jonathan Spalletta, 36, appeared in court after surrendering to law enforcement, according to US prosecutors.
About this happening: **U.S. prosecutors** charged **Jonathan Spalletta** in a **federal cybercrime** case tied to the **Uranium Finance** hack, alleging more than **$53 million** in stolen crypto was...
Unleash Protocol hit by network compromise
Incident
First: 31.12.2025 17:54
Last: 31.12.2025 17:54
Sources 1
About this happening:
**Unleash Protocol** suffered a **$3.9 million** crypto theft after an attacker used **unauthorized multisig control** to approve a contract upgrade and enable withdrawals. The co...
Unleash Protocol hit by network compromise
IncidentAbout this happening: **Unleash Protocol** suffered a **$3.9 million** crypto theft after an attacker used **unauthorized multisig control** to approve a contract upgrade and enable withdrawals. The co...
Yearn Finance's yETH pool hit by cyberattack
Incident
First: 03.12.2025 17:30
Last: 03.12.2025 17:30
Sources 1
About this happening:
Yearn Finance's **yETH pool** on **Ethereum** suffered an **asset-drain exploit** that removed about **$9m** from the pool. The attacker abused a flaw in the pool's internal accou...
Yearn Finance's yETH pool hit by cyberattack
IncidentAbout this happening: Yearn Finance's **yETH pool** on **Ethereum** suffered an **asset-drain exploit** that removed about **$9m** from the pool. The attacker abused a flaw in the pool's internal accou...
Timeline
-
31.03.2026 12:15 1 articles · 1mo ago
Uranium Finance April 8 exploit drains about $1.4 million
Exploitation ObservedJonathan Spalletta exploits a flaw in Uranium's smart contract code by abusing the AmountWithBonus variable to issue zero-token withdrawal commands, forcing the exchange to pay rewards he was not entitled to receive and draining about $1.4 million from the liquidity pool. He also extorts Uranium into assigning nearly $386,000 of the stolen funds as a sham "bug bounty" in exchange for returning the remainder.
Show sources
- Hacker charged with stealing $53 million from Uranium crypto exchange — www.bleepingcomputer.com — 31.03.2026 12:15
-
31.03.2026 12:15 1 articles · 1mo ago
Uranium Finance April 28 exploit steals about $53.3 million and forces shutdown
Victim Impact UpdateThree weeks later on April 28, 2021, Jonathan Spalletta exploits a separate single-character coding error in Uranium's transaction-verification logic, causing it to use 1,000 instead of 10,000. The flaw lets him withdraw nearly 90% of the assets held across 26 separate liquidity pools while depositing effectively zero tokens, netting about $53.3 million and forcing the exchange to shut down immediately.
Show sources
- Hacker charged with stealing $53 million from Uranium crypto exchange — www.bleepingcomputer.com — 31.03.2026 12:15
-
31.03.2026 12:15 2 articles · 1mo ago
U.S. prosecutors charge Jonathan Spalletta over the Uranium Finance hack
Legal Policy Action UpdateU.S. prosecutors charge Maryland man Jonathan Spalletta, known online as "Cthulhon" and "Jspalletta", with stealing more than $53 million after hacking Uranium Finance twice and laundering the proceeds through Tornado Cash. After surrendering to law enforcement on Monday, he appears in court before U.S. Magistrate Judge Ona T. Wang and faces charges that could carry up to 10 years for computer fraud and up to 20 years for money laundering.
Show sources
- Hacker charged with stealing $53 million from Uranium crypto exchange — www.bleepingcomputer.com — 31.03.2026 12:15
- Maryland Man Charged Over $53m Uranium Finance Crypto Hack — www.infosecurity-magazine.com — 31.03.2026 18:30