Tag: Business – Decrypt

Tether announced Tuesday that the USAT stablecoin is expanding to the Celo blockchain, an Ethereum layer-2 scaling network, marking the regulated digital dollar’s first deployment beyond the Ethereum mainnet.

The launch will bring USAT—a stablecoin issued by Anchorage Digital and targeted at the U.S. market—to Celo, with Google Cloud providing infrastructure support alongside plans for the stablecoin to serve as a gas currency on the layer-2 network.

“More than 566 million people globally use USDT as a reliable way to access and move dollars, particularly in markets where traditional financial infrastructure falls short. Expanding USAT to Celo builds on that foundation by bringing regulated digital dollar infrastructure into one of the most active on-chain economies today,” said Tether CEO Paolo Ardoino, in a statement.

“This is how we continue to extend access to trusted, programmable money at a global scale,” he added. “What matters now is ensuring these systems are accessible in the environments where people are already transacting every day.”

Celo brings significant mobile reach through Opera MiniPay’s 14 million wallet users globally. Celo co-founder and CEO Rene Reinsberg called the launch “a powerful validation of the infrastructure we’ve spent years building,” highlighting Tether’s selection of Celo for its first layer-2 deployment for USAT following its initial January rollout on Ethereum.

The technical implementation includes a mainnet faucet system enabling verified users to access USAT through privacy-preserving proof-of-humanity verification developed with Self and Google Cloud. Following deployment, Celo governance will begin the process to enable USAT as a gas currency on the network.

“By bringing USAT to Opera MiniPay’s millions of mobile-first users, we are showing what the next generation of financial access looks like: trusted, compliant, and instantly available,” said Celo co-founder Rene Reinsberg, in a statement.

Deloitte performed the first USAT attestation report, released earlier this month, showing that the firm had $17.6 million in reserves—comprised of cash and U.S. Treasuries—backing about $17.5 million in tokens as of January 31.

Tether’s flagship USDT stablecoin, which leads the industry with an $184 million market cap, has never had a full independent audit from one of the “Big Four” accounting firms. However, last week, Tether said that it had signed one of the firms for an audit, but did not reveal which firm would do it. A subsequent Financial Times report said KPMG would conduct the audit.

Editor’s note: This article was updated after publication for clarity.

Stablecoin velocity has now doubled in the past two years, with coins changing hands an average of six times per month, Standard Chartered flagged in a note Tuesday morning.

That’s prompted the bank to revisit a key assumption behind its stablecoin market forecast. Geoff Kendrick, global head of digital assets research at the bank, said that’s out of sync with the bank’s longstanding forecast. Standard Chartered has predicted that the stablecoin market will reach $2 trillion in total market cap by the end of 2028—and it was premised on velocity remaining stable.

Higher velocity, in theory, means fewer coins are needed to support the same volume of transactions, Kendrick wrote. But he stands by the $2 trillion forecast for 2028.

“The good news is that these new use cases are, so far, additive to overall stablecoin transactions. Furthermore, the higher velocity of these use cases has not impacted the low-velocity [emerging markets] savings use case,” he wrote.

Kendrick found that it’s USDC that has driven new use cases for stablecoins. The Circle-issued token, which accounts for roughly 25% of the market, began decoupling from Tether’s USDT in mid-2024 as it started displacing traditional banking rails—a trend that accelerated after the GENIUS Act established a federal regulatory framework for stablecoins last summer.

Then, starting in October 2025, USDC velocity on Solana and Base surged sharply. Kendrick attributes that second leg to early AI agent payments via x402, an open-source payment protocol developed by Coinbase. Those volumes have since pulled back, the bank notes, suggesting the initial surge may have been transient.

“As a result, our $2 trillion market estimate for end of 2028 remains intact,” Kendrick wrote, “but we will watch stablecoin velocity more closely going forward, as we think it is a key input.”

He added that USDT’s velocity, dominated by lower-turnover emerging-market savings, has remained comparatively stable. The two market leaders, the note argues, have diverged by use case: emerging market savings for USDT, TradFi replacement for USDC.

Anthropic didn’t mean to open-source Claude Code. But on Tuesday, the company effectively did—and not even an army of lawyers can put that toothpaste back in the tube.

It started with a single file. Claude Code version 2.1.88, pushed to the npm registry in the early hours of Tuesday morning, shipped with a 59.8MB JavaScript source map—a debug file that can reconstruct the original code from its compressed form. These files are generated automatically and are supposed to stay private. But a single line in the ignore settings let it go out with the release.

Intern and researcher Chaofan Shou, who appears to be among the first to spot the file, posted a download link to X around 4:23 a.m. ET, and watched 16 million people descend on the thread. Anthropic yanked the npm package, but the internet had already archived 512,000 lines of code across 1,900 different files that make up a major part of the project.

“Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson told Decrypt. “This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”

The leak exposed the full internal architecture of what is arguably one of, if not the most sophisticated AI coding agent on the market: LLM API orchestration, multi-agent coordination, permission logic, OAuth flows, and 44 hidden feature flags covering unreleased functionality.

Among the finds: Kairos, an always-on background daemon that stores memory logs and performs nightly “dreaming” to consolidate knowledge. And Buddy, a Tamagotchi-style AI pet with 18 species, rarity tiers, and stats including debugging, patience, chaos, and wisdom. There’s a teaser rollout for this “Buddy” apparently planned for April 1-7.

Then there’s the detail that made everyone on Hacker News cackle. Per leaker Kuberwastaken, buried inside the code was “Undercover Mode”—a whole subsystem designed to prevent the AI from accidentally leaking Anthropic’s internal codenames and project names when contributing to open-source repositories. The system prompt injected into Claude’s context literally says: “Do not blow your cover.”

Apparently, Anthropic began issuing DMCA takedowns against GitHub mirrors. That’s when things got interesting.

A Korean developer named Sigrid Jin—featured in the Wall Street Journal earlier this month for having consumed 25 billion Claude Code tokens—woke up at 4 a.m. to the news. He sat down, ported the core architecture to Python from scratch using an AI orchestration tool called oh-my-codex, and pushed claw-code before sunrise. The repo hit 30,000 GitHub stars faster than any repository in history.

It’s basically a translation of all the code from the original language to Python, so technically not the same thing, right? We’ll leave that to lawyers and tech philosophers.

The legal logic here is sharp. Gergely Orosz, founder of The Pragmatic Engineer newsletter, argued in a post on X: “This is either brilliant or scary: Anthropic accidentally leaked the TS source code of Claude Code. Repos sharing the source are taken down with DMCA. BUT this repo rewrote the code using Python, and so it violates no copyright & cannot be taken down!”

It’s a clean-room rewrite. A new creative work. DMCA-proof by design.

The copyright angle gets thornier when considering the legal status of AI-generated work, and how muddy the criteria gets when lawyers have to rule whether or not it carries automatic copyright. The DC Circuit upheld that position in March 2025, and the Supreme Court declined to hear the challenge.

If significant chunks of Claude Code were written by Claude itself—which Anthropic’s own CEO has implied—then the legal standing of any copyright claim gets murkier by the day.

Decentralization adds another layer of permanence. The account @gitlawb mirrored the original code to Gitlawb, a decentralized git platform, with a simple message: “Will never be taken down.” The original remains accessible there. A separate repository has compiled all of Claude’s internal system prompts, which is something that prompt engineers and jailbreakers will appreciate as it gives more insights into the way Anthropic conditions its models.

This matters beyond the drama. DMCA takedowns work against centralized platforms. GitHub complies because it has to. Decentralized infrastructure—which powers Gitlawb, torrents, and cryptocurrency itself—doesn’t have the same single point of failure. When a company tries to pull something back from the internet, the only question is how many mirrors exist and on what kind of infrastructure. The answer here, within hours, was: enough.

Publicly traded Bitcoin treasury firm Nakamoto Holdings (NAKA) sold around $20 million worth of Bitcoin in an effort to improve its balance sheet and financial flexibility, but its stock fell to a fresh low early Tuesday following the late Monday announcement.

The firm reported a fourth quarter loss of $142.6 million in fair value of its digital assets amid Bitcoin’s downward slide, while also registering a $10.8 million investment loss thanks to its investment in another Bitcoin treasury firm, Metaplanet. 

“Nakamoto Holdings entered 2025 with the mandate to launch a public, Bitcoin-native enterprise and executed that vision through the merger with KindlyMD in August 2025,” said the firm’s CEO David Bailey, in a statement. 

“We established a robust Bitcoin treasury, built a scalable capital strategy, and, with the acquisitions of BTC Inc and UTXO, transitioned into a fully integrated Bitcoin operating business with the scale and infrastructure to drive sustained growth,” he added. 

The firm’s acquisitions, both completed in February, added to Nakamoto’s Bitcoin exposure, providing it a media and events firm in the Bitcoin ecosystem (BTC Inc) and public and private asset and capital management services via UTXO Management. Both companies had also been founded by Bailey.

Despite its Bitcoin sales, the firm ended the year with 5,342 Bitcoin in its treasury, valued around $359 million at the time of writing. At the end of the year, the firm was down around $166 million on its Bitcoin holdings, as the top crypto asset had fallen sharply from its October high of $126,080. 

With a reported weighted average purchase price of $118,171, it’s estimated that the firm is now down around $275 million on its Bitcoin holdings as BTC changes hands around $66,693 on Tuesday, 47% off its all-time high mark. 

“Our focus now is on strengthening our operating businesses, scaling revenue-generating initiatives, and building infrastructure for a unified Bitcoin company,” Nakamoto COO Amanda Fabiano said, in a statement. “By combining operating income with disciplined capital allocation, we aim to reinvest into growth initiatives and Bitcoin accumulation while strengthening Nakamoto over time.”

The firm, which raised more than $700 million to build a digital asset treasury focused on Bitcoin, is still focused on a long-term commitment to crypto’s largest asset but it has been subject to a volatile first year. 

While warning shareholders of some of that volatility amid its business transition and the unlocking of some shares, Bailey notably encouraged short-term investors in the business to sell their positions. 

“For those shareholders who have come looking for a trade, I encourage you to exit,” he wrote in a shareholder letter published in September. 

Shares of the firm are trading around 3.3% higher on Tuesday, recently changing hands around $0.217. That mark is down nearly 80% in the last six months. Earlier Tuesday, shares fell to $0.211, the firm’s lowest price to date.

Analysts at investment bank Benchmark initiated coverage of Cantor Equity Partners II on Tuesday, assigning a “Buy” rating to the firm that’s expected to merge later this year with Miami-based tokenization specialist Securitize.

The analysts described Securitize as “compelling pure-play investment on tokenization” that’s building a foundation for tomorrow’s capital markets through its end-to-end platform for digital representations of real-world assets like stocks and bonds. 

Benchmark analysts penciled in a $16 price target for Securitize, a projection that hinges on the firm’s ability to generate $178 million in sales by the end of next year. That involves widening its competitive moat through blue-chip partnerships, the analysts added. 

Benchmark’s assessment reflects an optimistic outlook for Securitize following a bevy of listings for crypto-related firms last year, amid tepid market conditions that have reportedly stalled similar moves among crypto-native firms like Kraken.

When Securitize signaled last October that it plans to debut on the Nasdaq via a merger with blank-check firm Cantor Equity Partners II (CEPT), the deal valued Securitize at $1.25 billion. On Tuesday, CEPT changed hands around $11, according to Yahoo Finance.

Benchmark analyst Mark Palmer has confidence in Securitize’s ability to hit that mark because there’s “a great deal of visibility with regard to the company’s future revenue streams,” including origination fees from companies tokenizing assets and recurring revenue from servicing costs.

“I think there’s a massive disruptive potential as it pertains to traditional finance and the ways in which capital markets have functioned up to this point,” he told Decrypt. “The concept here really is better and faster across the board, and I think it’s just a matter of time before the market begins to recognize the benefits both in terms of efficiency and settlement times.”

When Circle’s stock soared upon its Wall Street debut last year, analysts lauded the moment as indicative of investors’ growing interest in stablecoins. While dollar-pegged stablecoins have the potential to pressure payment incumbents, Palmer argued that the stakes are higher with Securitize because its platform effectively bypasses legacy clearing infrastructure like DTCC.

Last week, Securitize and the New York Stock Exchange said that they would collaborate on a platform for tokenized securities rooted in round-the-clock trading, underscoring efforts to modernize financial markets in line with the SEC’s vision for “Project Crypto.”

Some influential institutions are still warming up to tokenization, but BlackRock CEO Larry Fink has touted the technology publicly as the “next generation of markets” since 2022. Years later, the world’s largest asset manager led a $47 million strategic funding round in Securitize.

Benchmark analysts noted that Securitize’s platform already underpins BlackRock’s BUIDL, the industry’s largest tokenized money-market fund. Valued at $2.2 billion on Tuesday, the fund exists across eight networks, with a lion’s share issued on Ethereum and Solana.

Figure Technologies debuted on the Nasdaq last September. Although the company’s business focuses on turning Home Equity Lines of Credit (HELOCs) into tokenized assets, Palmer noted that Securitize “is not focused on a particular vertical or industry.” As a result, the firm’s total addressable market could be defined as $300 trillion in real-world assets, he said.

“Securitize is really focused on providing the process behind tokenization, from origination through servicing, in a way that’s applicable to a breadth of industry vertices,” he said. “That’s one of the things that distinguishes it.”

Blockchain infrastructure provider Uniblock has raised $5.2 million to operate a “managed infrastructure layer” across more than 300 blockchains, addressing a routing and failover problem that CEO Kevin Callahan said “should be solved once, not rebuilt by every team.”

The funding round, which brings total capital raised to $7.5 million, included participation from SBI, AllianceDAO, CoinSwitch, Blockchain Founders Fund, Hustle Fund, AAF Management, NGC Ventures, and strategic investors Alchemy and MoonPay, according to a company announcement shared with Decrypt.

The platform provides access to over 3,000 APIs through a single connection, with patented auto-routing handling provider selection, failover, and data normalization across 55 data partners.

Named customers running production workloads include Plume Network, Stellar Blockchain, Hypernative, Oku Trade, nReach, and Apechain, with Plume and Apechain operating Uniblock as their managed RPC infrastructure through ecosystem partnerships. The company reports 3,000 projects and 4,000 developers currently using the platform, which launched AI-native developer tools including an MCP server, LLM-optimized documentation, and agent skills for Cursor, GitHub Copilot and other AI coding environments.

“We’re watching two shifts happen at once. Fortune 500 companies are bringing production workloads to blockchain, and AI agents are starting to read and write chain data autonomously,” Callahan said in the announcement, which noted mainstream adoption signals including Stripe’s $1.1 billion acquisition of Bridge for stablecoins and prediction market odds appearing on legacy media broadcasts.

Uniblocks fundraise comes amid broader industry efforts to address multi-chain infrastructure challenges, with the Ethereum Foundation backing an “Economic Zone” initiative in February to solve fragmentation issues across the ecosystem’s growing number of Layer-2 networks.

Google researchers warned Tuesday that advances in the field of quantum computing could threaten the cryptographic systems underpinning cryptocurrencies and other digital infrastructure sooner than expected.

It has demonstrated that future quantum computers may be able to break elliptic curve cryptography—a cornerstone of modern digital security—using fewer qubits and computational steps than previously believed.

“We want to raise awareness on this issue and are providing the cryptocurrency community with recommendations to improve security and stability before this is possible, including transitioning blockchains to post-quantum cryptography (PQC), which is resistant to quantum attacks,” Google researchers said in a blog.

Elliptic curve cryptography, particularly ECDSA over the secp256k1 curve, underpins the security of major blockchain networks, digital wallets and vast swathes of internet infrastructure. If quantum systems reach the scale needed to exploit these vulnerabilities, an event often referred to as “Q-Day,” then encrypted data, financial systems and identities could be exposed.

A quantum “breakthrough”?

Quantum computers operate differently from classical machines. They use quantum bits, or qubits, which can exist in multiple states simultaneously. Algorithms such as Shor’s algorithm theoretically allow sufficiently powerful quantum systems to solve the elliptic curve discrete logarithm problem (ECDLP), which secures cryptographic keys today. Until now, estimates of the resources required suggested such attacks were still far off.

The report also outlines mitigation strategies, emphasizing that post-quantum cryptography is already well understood and deployable, though difficult to implement at scale. Transitioning blockchain systems, rotating keys, and avoiding reuse or exposure of public keys are among the recommended steps.

Justin Drake, a Bitcoin security researcher, described the findings as a “breakthrough” in a tweet. “My confidence in q-day by 2032 has shot up significantly,” he said, adding that “there’s at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key” by that date.

“While a cryptographically-relevant quantum computer (CRQC) before 2030 still feels unlikely, now is undoubtedly the time to start preparing,” he added.

Quantum computers and Bitcoin

The debate around quantum risk is increasingly marked by tension between technical caution and what some researchers describe as “FUD” (fear, uncertainty and doubt). While the new results reduce theoretical barriers, building a fault-tolerant quantum computer capable of executing these attacks remains an enormous engineering challenge.

Shiv Shankar, CEO of Boundless, told Decrypt the rising concern should be viewed in context. “The risk is going up but this was expected. As we get closer and closer to a target date for full migration to PQC, the confidence in that timeline generally goes up. There’s no cause for panic. The smartest and most brilliant minds in the world are active on this problem,” he said.

He added it’s also not a blockchain-specific issue. “If quantum computers actually recover a set private key within this timeline, the whole of the internet is at risk, and that means there is a larger piece at stake. I think it’s actually quite exciting. It also means the entire internet as we know it gets upgraded which puts zero knowledge front and center of this conversation,” he said.

Analysts at Bitfinex told Decrypt the risk should be understood as a long-term engineering challenge rather than an immediate existential crisis.

“Quantum computing represents a genuine engineering challenge for the cryptocurrency industry, but it is far from an existential threat in the current form,” they said.

Bitcoin and other protocols’ cryptographic foundations “were always understood to have a finite shelf life,” they said, adding that, “the current debate is not a surprise to anyone who has been paying attention. What matters is that the industry is already moving.”

The analysts said Justin Drake’s warning should be taken seriously but not interpreted as imminent danger. “Drake’s framing is measured and worth taking seriously,” they said, calling a 10% probability of Q-Day by 2032 “a call to act with appropriate urgency.” Even faced with an uncertain timeline, they added that they “would broadly agree with the sentiment that now is the time to prepare.”

The U.S. Department of Labor has released a proposed rule that would give 401(k) fiduciaries a safe harbor when considering alternative investments, including funds that invest in cryptocurrencies and other digital assets.

Under the proposal, fiduciaries that undergo review for performance, fees, liquidity, valuation, benchmarking, and complexity would get a safe harbor if they follow that process. It was released for public inspection through the Federal Register on Monday and is scheduled for formal publication by Tuesday.

The proposed rule carries out a directive from President Donald Trump in August last year to expand access to alternative assets in 401(k) plans, including investment vehicles with exposure to crypto.

Americans held roughly $10.1 trillion in 401(k) plans as of the end of 2025, part of a broader $14.2 trillion defined contribution market, according to data from the Investment Company Institute.

Drawing on older data, the Labor Department pegs the participant-directed market at $8.8 trillion across roughly 721,000 plans.

Only 4% of defined contribution plans offered alternative investments last year, with just 0.1% of assets allocated to them, per data cited in the proposal.

Safe harbor, hard choices

The proposal follows the Labor Department’s decision last May to rescind Biden-era guidance that had urged fiduciaries to exercise “extreme care” before adding crypto to 401(k) menus, a standard the agency said went beyond what the federal law governing retirement plans requires.

“Retirement funds are the holy grail for bitcoin enthusiasts looking for new investors: oceans of cash, tax-advantaged,” Andrew M. Bailey, Senior Fellow at the Bitcoin Policy Institute, told Decrypt.

But retirement plans carry a built-in tension, Bailey noted.

“Their horizons—decades, not months or years, make them well-suited for long-term investment in new technologies,” he said. “Their approach to risk and tight regulations pulls them in the opposite direction.”

While risk aversion could “steer retirees away,” rule changes “that empower savers to make their own choices” would be welcome, he said.

Once the rules are settled, the harder question is whether savers will actually bite, Bailey opined.

“A secondary effect to watch is equity-based investment vehicles for bitcoin, like Strategy’s preferred stock offerings,” Bailey said. Whether direct 401(k) exposure would cannibalize demand for such products or prove complementary remains an open question, he noted.

The proposal places digital assets “on the same playing field” as other alternative investments, Joshua Chu, lawyer, lecturer, and co-chair of the Hong Kong Web3 Association, told Decrypt.

“If a fiduciary can document a robust process on fees, liquidity, valuation and complexity, they now have a clear safe harbor roadmap instead of a regulatory minefield,” he said.

With it, retirement savers can get “a taste of alternative-asset alpha without the plan sponsor hiding under the desk every time Bitcoin sneezes,” he added.

Still, fiduciaries would need to build “daily pricing, liquidity, and risk controls” for crypto inside 401(k) wrappers before any of it reaches a retiree’s account, he added.

The proposal could put U.S. retirees ahead of most Asian savers in accessing regulated crypto exposure, Chu noted, citing how Hong Kong’s pension system and China’s trading ban still keep digital assets out of retirement accounts.

Bitcoin is holding around $66,000, as U.S. President Donald Trump reportedly pivoted towards prioritizing an exit from the Iran war.

According to administration officials cited by The Wall Street Journal, Trump is willing to end the U.S. military campaign against Iran even if the Strait of Hormuz remains largely closed. Per the WSJ, Trump has decided the U.S. should achieve its main goals of hobbling Iran’s navy and missile stocks, winding down hostilities while applying diplomatic pressure on Tehran to resume free trade. If that fails, Washington would press European and Gulf allies to take the lead on reopening the chokepoint.

At a White House press briefing Monday, Press Secretary Karoline Leavitt told reporters that ensuring safe passage for oil tankers through the strait is not one of the “core objectives” of the campaign.

In a Truth Social post Monday, Trump reiterated threats to target Iran’s energy infrastructure “and possibly all desalinization plants” if the strait is not “Open for Business” following “serious discussions” with the Iranian regime.

Trump’s pivot reflects his broader strategic approach rather than a change of intent, Erik Amirbai Lang, co-founder of movement-driven cryptocurrency project N4T, told Decrypt.

From the outset, his actions signaled pressure and deterrence rather than commitment to a prolonged conflict, given his reluctance to accept U.S. casualties and preference for deal-making over military escalation, Lang argued. Economic costs, risks to global markets, and lack of domestic backing constrained deeper involvement, with initial actions aimed at demonstrating strength to reduce the need for further escalation, he added.

The S&P 500 and the broader financial markets noted immediate gains following this development, but have since slid lower. Bitcoin remains fairly steady, closely hugging $66,000, the lower limit of its near-two-month consolidation phase.

It is currently priced at around $66,600, down 1.6% over the past 24 hours, and roughly 7% over the past week, according to data from price aggregator CoinGecko. On prediction market Myriad, owned by Decrypt‘s parent company Dastan, users remain pessimistic on Bitcoin’s prospects, putting a 61% chance on its next move taking it to $55,000 rather than $84,000.

Despite the potential easing around the geopolitical front, oil is up 48% since the war began, raising high inflation concerns. Markets have assigned a 97.4% probability that the Federal Reserve will keep the rates unchanged at the next meeting on April 29, according to data from the CME FedWatch tool.

If a rapid de-escalation of the Middle East conflict comes to fruition, it “could unlock a strong risk-on rally,” Lacie Zhang, research analyst at Bitget Wallet, told Decrypt. In such a case, Bitcoin could move above $90,000, with Ethereum following, retesting the $2,700 to $2,800 range, she said.

Even with an end to the Middle East conflict, Bitcoin is unlikely to embark on a bull run without “sustained institutional flows and regulatory clarity,” Zhang added.

Interestingly, Myriad users remain cautious on the geopolitical picture, assigning just a 3% chance of a ceasefire between the U.S. and Iran before April.

An alleged crypto hacker who once described digital assets as “fake internet money” is now in U.S. custody, accused of carrying out a $53 million exploit that helped bring down a decentralized exchange, in a case an expert says shows courts are taking a harder look at whether smart contract exploits can be treated as lawful.

U.S. authorities on Monday unsealed an indictment charging Jonathan Spalletta, also known as “Cthulhon” and “Jspalletta,” with computer fraud and money laundering in connection with two 2021 attacks on Uranium Finance, a decentralized exchange. 

Spalletta surrendered to authorities on Monday following the charges, now facing a maximum of 10 years on the computer fraud count and 20 years on the money laundering charge.

“Stealing from a crypto exchange is stealing—the claim that ‘crypto is different’ does not change that.”U.S. Attorney Jay Clayton said in a statement. 

The case fits into a wider effort to address DeFi exploits that combine technical loopholes with misuse of funds.

“The idea that ‘code is law’ is increasingly being tested in court,”  Angela Ang, head of policy and strategic partnerships for Asia Pacific at TRM Labs, told Decrypt. 

“Exploiting smart contract vulnerabilities may be technically possible, but that doesn’t mean that courts will view it as legally permissible—especially when paired with laundering and concealment,” she added.

The indictment alleges Spalletta carried out a first attack on April 8, 2021, exploiting a rewards-tracking bug in Uranium’s smart contracts to repeatedly drain a liquidity pool of approximately $1.4 million. 

Roughly two weeks later, he wrote to another individual, “I did a crypto heist of $1.5MM… There was a bug in a smart contract, and I exploited it… Crypto is all fake internet money anyway.”

Authorities say he later returned most of the stolen funds after negotiating with the platform, but kept about $386,000 under what prosecutors describe as a sham “bug bounty” arrangement.

On April 28, he allegedly exploited another flaw across 26 liquidity pools, obtaining about $53.3 million in crypto and leaving Uranium Finance unable to continue operating.

Between April 2021 and November 2023, Spalletta allegedly funneled around $26 million through Tornado Cash, moving funds across multiple blockchains and wallets to obscure their origin. 

Onchain sleuth ZachXBT had previously traced the laundering trail in a December 2023 report, identifying how stolen ETH was withdrawn from the mixer and routed through brokers to purchase high-value collectibles.

The collectibles included rare Magic and Pokémon cards, a Julius Caesar-era coin, and a Wright brothers artifact later carried to the moon by Neil Armstrong, according to the indictment.

Last February, law enforcement also seized crypto worth about $31 million that authorities say was tied to the alleged scheme.

When asked whether stricter auditing or insurance could have prevented the platform’s collapse, Ang said that “Stronger auditing and insurance mechanisms can reduce the likelihood and impact of exploits, but they’re not a silver bullet.” 

Organizations need a “multi-layered defense,” including “regular security audits, secure coding practices, multi-signature controls, and a strong security culture, rather than relying on any single safeguard,” she added.