Cybercrime is no longer a foreign concept in Kenya. In recent years, the rise of betting, mobile money platforms, and online banking has created fertile ground for fraudsters. Among the latest names to dominate headlines is Seth Mwabe, a 26-year-old former Meru University student accused of masterminding a daring KSh 11.4 million cyber heist. His story is both fascinating and controversial—raising questions about where to draw the line between ethical hacking, cyber innovation, and outright crime.

Seth Mwabe was born in the late 1990s and grew up in Kenya during a period when digital transformation was just starting to sweep across the country. He joined Meru University of Science and Technology, where he pursued studies in Information Technology. While on campus, Mwabe developed a strong interest in cybersecurity and ethical hacking, areas that are increasingly important in Kenya’s digital economy.

Fellow students and online followers recall him as a curious mind who was always tinkering with codes, servers, and penetration-testing tools. At some point, he ran a small blog where he wrote about ethical hacking practices, loopholes in digital platforms, and ways organizations could strengthen their cyber defenses.

Unfortunately, his academic journey was cut short. He dropped out of university around 2017, but his passion for technology continued to grow. With no formal employment, Mwabe turned into a self-taught cybersecurity consultant, reportedly offering penetration testing and system audits for small businesses.

By 2017, Mwabe had built a reputation among his peers as a skilled coder who could bypass systems for testing purposes. He studied vulnerabilities like SQL injections, phishing scams, brute force attacks, and social engineering. According to reports, he frequently referred to himself as a “cybersecurity researcher,” insisting that his work was meant to expose loopholes rather than exploit them.

Yet, as many observers point out, the thin line between testing and exploiting vulnerabilities can blur. And in 2025, his name would be associated with one of the most daring cyber heists in Kenya’s betting industry.

In August 2025, detectives from the Directorate of Criminal Investigations (DCI) revealed that Mwabe had hacked into a popular betting platform’s payment system. Using advanced penetration tools, he allegedly rerouted KSh 11.4 million into his personal account.

The operation was not a spontaneous act. Investigations show Mwabe had spent years studying the payment gateway’s vulnerabilities, carefully building tools that would allow him to slip past firewalls and authentication processes. It is believed that he created scripts to automate fund transfers, disguising them as legitimate transactions.

The money trail eventually drew attention. Within days, the DCI’s Cybercrime Unit traced the suspicious transactions to his residence in Tatu City, Kiambu County, where he was arrested on August 30, 2025.

What shocked investigators was not just the stolen funds, but Mwabe’s highly sophisticated setup. Inside his home, officers found:

It was a scene straight out of a Hollywood cyber-thriller. To the DCI, it was proof that Mwabe’s operation had been long in the making—possibly dating back seven years.

Despite the evidence, Seth Mwabe has strongly denied being a criminal. In court, he claimed that he never intended to steal the money. According to him, the funds ended up in his account as a result of software testing gone wrong. He even told the court he had been preparing to return the money when he was arrested.

His defense paints him as an ambitious but misunderstood innovator—someone who wanted to help organizations secure their systems but lacked the formal structures and mentorship to do so.

Mwabe was arraigned at the Milimani Law Courts on September 1, 2025. The prosecution requested that he be detained for 20 days to allow further investigations under the Computer Misuse and Cybercrimes Act.

Charges include:

If convicted, he could face long-term imprisonment and heavy fines.

Mwabe’s case has ignited debate in Kenya. To some, he is a cybercriminal who exploited weaknesses for personal gain. To others, he is a talented young innovator failed by Kenya’s education and innovation system.

Kenya has struggled with similar cases before, where young IT experts end up on the wrong side of the law due to lack of structured pathways to practice ethical hacking legally. Critics argue that instead of throwing such talent into jail, the government should build programs that integrate them into national cybersecurity efforts.

The Seth Mwabe saga exposes several realities:

The biography of Seth Mwabe is more than just the story of a young man accused of stealing KSh 11 million. It reflects the wider struggle of a nation adapting to a digital economy, where cyber fraud threatens financial stability, but where untapped talent also exists in abundance.

Whether history remembers Mwabe as a criminal or a misunderstood innovator will depend on the outcome of his trial. For now, he stands as the face of Kenya’s cybercrime dilemma—brilliant, daring, and dangerously misunderstood.