US Charges Uranium Crypto Exchange Hacker

SecurityWeek
Actively Exploited

Overview

Jonathan Spalletta has been charged with exploiting vulnerabilities in the smart contracts of Uranium, a cryptocurrency exchange, leading to the theft of around $55 million worth of digital assets. The hack forced Uranium to shut down operations, impacting users and investors who relied on the platform for trading. This incident highlights the ongoing risks associated with smart contracts in the crypto space, where security flaws can lead to significant financial losses. The case is part of a broader trend, as law enforcement agencies increase their scrutiny of cybercriminal activities in the cryptocurrency sector. The charges against Spalletta also raise awareness of the importance of security measures in protecting digital currencies.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Uranium cryptocurrency exchange, smart contracts
  • Action Required: Improve security audits for smart contracts and implement stricter code review processes.
  • Timeline: Disclosed in October 2023

Original Article Summary

Jonathan Spalletta exploited smart contract vulnerabilities to steal approximately $55 million in cryptocurrency and cause Uranium to shut down. The post US Charges Uranium Crypto Exchange Hacker appeared first on SecurityWeek.

Impact

Uranium cryptocurrency exchange, smart contracts

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed in October 2023

Remediation

Improve security audits for smart contracts and implement stricter code review processes.


Related Coverage

Cyberattacks Intensify Pressure on Latin American Governments

darkreading

Cyberattacks are on the rise in Latin America, specifically targeting government systems. In Puerto Rico, there have been disruptive attacks that have affected government operations. Meanwhile, Colombia's health sector is facing a surge of probing activities, raising concerns about data integrity and system security. These incidents reflect a growing trend of cyber threats in the region, putting government agencies and public services at risk. As these attacks escalate, they not only disrupt essential services but also pose a challenge for authorities in maintaining public trust and safety.

Apr 1, 2026

Cyberattacks powered by stolen credentials on the rise

SCM feed for Latest

Cybersecurity incidents are increasingly being driven by identity theft, particularly through stolen login credentials. Reports indicate that attackers are using these stolen credentials as a primary way to infiltrate systems, leading to a surge in ransomware attacks. This trend poses significant risks for companies and individuals alike, as unauthorized access can lead to data breaches and financial losses. Organizations need to strengthen their security measures and educate users on the importance of password hygiene and multi-factor authentication to combat this rising threat. The alarming rise in credential abuse emphasizes the need for vigilance in cybersecurity practices.

Apr 1, 2026

Bogus LinkedIn message alerts enable credential siphoning

SCM feed for Latest

Cybercriminals are sending out fake LinkedIn alert messages that claim to offer job opportunities, but their real goal is to steal user credentials. This phishing campaign tricks recipients into providing sensitive information, putting their accounts at risk. The fraudulent messages imitate legitimate notifications from LinkedIn, making them difficult to detect. Users who fall for this scam could find their personal data compromised, leading to potential identity theft or unauthorized access to their accounts. It's essential for LinkedIn users to be cautious and verify messages before clicking on any links or providing information.

Apr 1, 2026

Report sheds more light on Phantom Stealer

SCM feed for Latest

A recent report from Infosecurity Magazine reveals that the Phantom Stealer, a .NET-based malware, has been targeting manufacturing, technology, and logistics sectors across Europe. This malware is part of the Phantom Project cybercrime kit, which also includes a crypter and a remote access tool. The attacks occurred in a series of phishing campaigns from November 2025 to January 2026. Organizations in these industries should be aware of the potential for data breaches and operational disruptions due to these ongoing attacks. The targeted sectors are crucial for the economy, making the successful exploitation of these vulnerabilities particularly concerning.

Apr 1, 2026

Toy Giant Hasbro Hit by Cyberattack

SecurityWeek

Hasbro, the well-known toy company, is currently investigating a cyberattack that has affected its operations. While details are still emerging, the company is looking into the possibility of compromised files, which could potentially expose sensitive information. This incident raises concerns not only for Hasbro but also for customers and partners who may be impacted by data breaches or operational disruptions. As the investigation unfolds, it will be crucial for Hasbro to communicate transparently with stakeholders and take necessary steps to secure its systems. Cyberattacks on major companies like Hasbro remind us that even well-established brands are vulnerable to security threats.

Apr 1, 2026

Anthropic Leaks 512,000 Lines of Claude AI Code in Major Blunder

Hackread – Cybersecurity News, Data Breaches, AI and More

Anthropic, the AI research company, accidentally exposed over 512,000 lines of code related to its Claude AI system. This significant leak included sensitive information about two of its projects, KAIROS and Capybara. As a result, users are being urged to switch to the Native Installer to mitigate any potential risks associated with this exposure. The incident raises concerns about data security and the safeguards in place for proprietary code, especially given the competitive nature of the AI industry. It serves as a reminder of how human error can lead to significant breaches of confidentiality and proprietary information.

Apr 1, 2026