U.S. authorities have charged an alleged hacker in connection with a 2021 exploit of decentralized exchange Uranium Finance that drained about $53 million in crypto and helped force the platform to shut down, according to a Decrypt report.

A federal indictment unsealed on Monday charged Jonathan Spalletta, also known as “Cthulhon” and “Jspalletta,” with computer fraud and money laundering tied to two attacks on Uranium Finance in 2021. Spalletta surrendered to authorities on Monday and faces up to 10 years in prison on the computer fraud count and up to 20 years on the money laundering charge, the report said.

Prosecutors allege Spalletta first exploited a rewards-tracking bug on April 8, 2021 to drain about $1.4 million from a liquidity pool. Roughly two weeks later, he allegedly wrote to another person that he had carried out a “crypto heist” of about $1.5 million and described digital assets as “fake internet money,” the report said.

Spalletta later returned most of the funds from the first attack after negotiating with the platform, but kept about $386,000 through what prosecutors described as a sham bug bounty arrangement, the news site said. 

The larger attack came on April 28, 2021, when Spalletta allegedly exploited another flaw across 26 liquidity pools and obtained about $53.3 million in crypto, leaving Uranium Finance unable to continue operating, according to the report.

Prosecutors also alleged that between April 2021 and November 2023, about $26 million was funneled through crypto mixer Tornado Cash and moved across multiple blockchains and wallets to obscure the source of the funds.

The illicit proceeds were used to buy high-value collectibles, including rare Magic and Pokemon cards, a Julius Caesar-era coin, and a Wright brothers artifact later carried to the moon by Neil Armstrong. Law enforcement also seized about $31 million in crypto last February that authorities say was tied to the scheme, Decrypt reported.

Read more at Decrypt