Seth Mwabe Okwanyo, a 26-year-old who dropped out of Meru University, has been held for one day as investigations continue into his alleged involvement in a significant hacking incident.
Okwanyo was taken into custody by detectives from the Directorate of Criminal Investigations (DCI) on August 30, 2025, at his home in Nairobi.
He was subsequently brought before the Chief Magistrate’s Court at Milimani Law Courts under Miscellaneous Criminal Application No. E2362 of 2025. The application was initiated by the Office of the Director of Public Prosecutions (ODPP) through the Banking Fraud Investigation Unit (BFIU), which is actively examining the case.
The investigation centers on fraudulent transactions amounting to Ksh11,410,165, which were allegedly extracted via the Pesalink platform and funneled through accounts at Diamond Trust Bank (DTB). The complainant, Arifsend Money Transfer Limited, alerted the BFIU on July 26, 2025, regarding 53 suspicious transactions that had circumvented the firm’s internal security and fraud detection measures.
According to an affidavit from investigators, Okwanyo, who is a cybersecurity consultant with expertise in vulnerability assessment and penetration testing (VAPT), is believed to have provided fraudulent application links and detailed instructions that enabled the unauthorized transfer of funds.
During the arrest, detectives uncovered a well-equipped computer laboratory, a money counting machine, and a safe within Okwanyo’s apartment. Central Region Criminal Investigations Officer Abraham Mugambe noted that the betting firm had lodged a complaint with the DCI in July, prompting an immediate investigation by the detectives.
Mugambi noted that investigations revealed that the suspect stole the millions after he bypassed the security systems of the betting firm’s payment service provider.
“This year, in July, a report was made to the Banking Fraud Investigations Unit in Nairobi that a payment service provider had lost Ksh11.4 million through fraudulent means.
“Investigations commenced and a DCI team of experts from Banking Fraud Unit launched investigations, and they established that the fraud was done through bypassing the payment service provider security systems, and they succeeded in defrauding the complainant of Ksh11.4 million,” said Mugambe.
Mwabe, who describes himself as a cybersecurity engineer and consultant, told detectives that he dropped out of university in his second year.
The case underscores growing concerns over cyber-enabled financial fraud in Kenya, particularly involving mobile and online banking platforms. With financial institutions increasingly relying on digital channels, experts warn that insider knowledge and weak system oversight make banks vulnerable to sophisticated fraud schemes.
If charged and convicted, Okwanyo could face heavy penalties, including long-term imprisonment and asset forfeiture under Kenya’s cybercrime and anti-money laundering laws
