US authorities have charged 36-year-old Jonathan Spalletta with masterminding a large-scale cryptocurrency theft that drained more than $53 million from the Uranium Finance decentralized exchange.

According to an unsealed indictment, Spalletta, aka “Cthulhon” and “Jspalletta,” carried out two separate attacks in April 2021. In the first incident on April 8, he allegedly exploited a vulnerability in the platform’s smart contract code, manipulating a variable to enable unauthorized withdrawals and taking about $1.4 million. Officials say he later pushed the company to classify nearly $386,000 of the stolen funds as a “bug bounty” in exchange for returning some of the assets.

On April 28, he allegedly launched a second attack where he exploited a single-character coding error that altered transaction verification parameters, allowing him to withdraw nearly 90% of the assets across 26 liquidity pools. The breach resulted in losses of approximately $53.3 million and ultimately forced Uranium Finance to shut down.

Authorities say Spalletta laundered the stolen funds through decentralized services, including the cryptocurrency mixer Tornado Cash. He allegedly used the proceeds to buy high-value collectibles. In February 2025, law enforcement agents seized the collection from his residence and recovered about $31 million in cryptocurrency linked to his wallets. Spalletta now faces up to 10 years in prison on a computer fraud charge and up to 20 years if convicted of money laundering.

In a separate case, US authorities charged ten people from four crypto firms (Gotbit, Vortex, Antier, and Contrarian) with running schemes to artificially boost cryptocurrency prices and trading volume. The suspects allegedly sold the inflated assets to investors for profit, causing financial losses. Three suspects were arrested in Singapore and extradited; two others have already pleaded guilty, and over $1 million in crypto has been seized.

Spanish police dismantle cybercrime gang that stole millions of records

The Spanish National Police have arrested two individuals accused of orchestrating large-scale cyber-attacks that stole nearly ten million confidential records. The suspects were detained in Valencia and Torreblanca (Castellón) for their alleged roles in crimes including the unlawful disclosure of secrets, computer damage, money laundering, and involvement in a criminal organization.

The group allegedly carried out extensive data breaches targeting sensitive information, including records of students, parents, and teachers. The investigation began in 2023, when authorities first uncovered evidence of a massive data theft operation. Further inquiries linked the suspects to nearly 30 similar cybercrimes.

According to police, the stolen data was allegedly used for cyber scams and identity theft, as well as sold on underground online forums. Officials described the organization as highly structured, with specialized branches handling technical operations, logistics, and financial gains.

The group reportedly used advanced technological infrastructure to breach security systems, hide their tracks, and evade detection. The group laundered illegally obtained money through cryptocurrencies, virtual exchange platforms, and international systems in European countries.

Russian military court sentences 26 members of the Flint24 carding group to prison

A military court in Russia has sentenced 26 members of the Flint24 card fraud group to prison terms ranging from 5 to 15 years, along with substantial fines. The 235th Garrison Military Court found the defendants guilty of organizing a criminal enterprise and committing a range of cyber-related crimes. In addition to prison sentences, the court imposed fines ranging from 1.15 million to 4.6 million rubles (€12000 to €48000).

Convicted in the case were the group’s alleged leader Aleksei Stroganov, aka “Flint,” and I. N. Voroshilov, a former serviceman and reserve warrant officer from a military unit in the Southern Military District.

According to the court, the group operated a website through which they sold so-called “dumps”—data used to encode the magnetic stripes of payment cards. The dumps included sensitive financial information that could be used to clone cards or conduct unauthorized transactions. During an undercover operation conducted by Russia’s Federal Security Service (FSB), members of the group sold stolen payment card details, including CVV and CVC security codes. The information was sufficient to carry out money transfers and make purchases in online stores.

In 2006, Moscow’s Lyublinsky Court sentenced Stroganov to six years in prison for participating in a carding group that produced approximately 5,000 counterfeit cards from major payment systems, including Visa, Mastercard, and American Express. The fraudulent cards were distributed across multiple countries, including Russia, Belarus, Ukraine, Poland, the Czech Republic, France, Germany, and the United States.

Ukrainian police bust crypto scam call center network, arrest 8

Ukrainian police have dismantled a criminal network in the city of Dnipro that used fake call centers to defraud victims of cryptocurrency. Eight key players have been arrested as part of the operation. Authorities say the group targeted victims through dating platforms and messaging apps and then convinced them to invest in fake crypto schemes. Many victims were foreign nationals, particularly from Kazakhstan and Lithuania.

The operation combined romance scams with advanced tech deception, including fake identities, face-swapping video calls, and controlled crypto wallets to simulate profits. Victims were persuaded to invest increasing sums, with more than $2 million ultimately funneled to the suspects.

After the initial deposit, victims were passed to so-called “mentor-analysts,” who gained access to victims’ mobile screens, captured confidential data, and effectively took control of crypto wallets. All assets were then transferred to accounts controlled by the criminals.

The organization ran as a structured operation with defined roles, internal security, and dedicated teams tasked with finding and communicating with victims and robbing them of funds. The group used anonymous accounts, foreign SIM cards, private Telegram channels, and underwent internal checks, including polygraph tests. Offices were equipped with surveillance systems and access control, authorities said.

During raids, police seized cash, luxury cars, and digital equipment. The suspects now face up to 12 years in prison if convicted.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Germany issues international warrant for suspected GandCrab/REvil kingpins

German authorities have identified two Russian nationals suspected of orchestrating large-scale ransomware attacks that caused hundreds of millions of euros in damages worldwide. The suspects are now the subject of international arrest warrants.

Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to be key members of the notorious cybercrime groups GandCrab and REvil, which were among the most prolific ransomware gangs between 2018 and 2021. The operations involved infiltrating corporate networks, encrypting sensitive data, and demanding ransom payments. Authorities believe Shchukin was a ringleader and Kravchuk was a lead programmer within the gang.

In Germany alone, authorities have linked the groups to attacks on approximately 130 companies and institutions, including medical technology firms and the Württemberg State Theatre in Stuttgart. The estimated damages reached €35 million. In 25 documented cases, victims paid ransoms totaling around €1.8 million.

REvil was also behind multiple high-profile ransomware incidents, including the 2021 attack on US-based IT company Kaseya, which disrupted operations for businesses in at least 17 countries. In 2024, an affiliate of REvil was sentenced in the US to over 13 years in prison.

Earlier this year, a Stuttgart court sentenced a 46-year-old Ukrainian man to seven years in prison for extortion and computer sabotage. He had been arrested in Bratislava in 2024 and later extradited to Germany.