- Cybersecurity consultant Seth Mwabe had his court application dismissed, with investigators returning seized electronics but re‑arresting him immediately after
- He is accused of siphoning KSh 11.4 million from a betting company, allegedly using his expertise in Vulnerability Assessment and Penetration Testing (VAPT)
- Investigators claim Mwabe provided tools and instructions, including a Telegram bot link, to facilitate fraudulent transactions and personally benefited from the scheme
Seth Mwabe, a second-year university dropout, had appeared before the court on Tuesday, February 10, where his miscellaneous application was closed after the court found him with no case to answer.
Source: Twitter
The court also ordered that the items which were being held by the investigating officers be returned to him.
Why Seth Mwabe was rearrested after leaving court
The items include iPhone 16 Pro, Samsung S22, Starlink router, a MacBook M2 laptop, HP Omen Laptop and a laptop bag.
However, unknown to Mwabe, the officers were waiting for him, and shortly after he stepped outside, the officers who were on his radar arrested him.
Mwabe, who had been accused of siphoning KSh 11.4 million from a betting company, was arrested on August 30, 2025, in his Tatu City apartment in connection with the said offences.
Investigators believe he is an independent consultant in cybersecurity, specialising in vulnerability assessment and penetration testing (VAPT).
The officers alleged that he used his expertise to provide recommendations on improving system security for financial institutions and payment service providers.
It was also alleged that he was heavily involved in the fraudulent transactions and linked to the beneficiaries. Investigators further suspect that he provided instructions, including an application link (Telegram bot), which was used to siphon money from the complainant’s bank account, and that he personally benefited from the scheme.
Why officers wanted Seth Mwabe detained
Earlier, the investigating officer had sought to have the suspect detained at Capitol Hill Police Station for a period of 20 days in order to seize electronic evidence such as computers, internet routers, phone motherboards, and mobile phones for forensic examination.
They also intended to obtain user information and evidence from Telegram and Starlink companies, which operate outside Kenyan jurisdiction, as well as user profile information from the Kenya Bankers Association and other industry players.
In addition, they aimed to collect user profile information from the Core Banking System and Incident Response service providers.
They sought to secure relevant documents, including M-Pesa and bank account statements, together with account opening documents from mobile phone service providers and banks.
Mwabe’s troubles originate from a formal grievance filed by Afrisend Money Transfer Limited.
Source: Facebook
How Seth Mwabe’s woes started
On July 25, 2025, Afrisend Money Transfer Limited formally alerted the Banking Fraud Investigation Unit to a complex fraud scheme.
The company reported that, on July 16, 38 unauthorised PesaLink transactions drained KSh 11.4 million from a Diamond Trust Bank account, evading internal security checks.
Investigators suspect cybersecurity freelancer Seth Mwabe masterminded the operation, shared tools like a Telegram bot to enable withdrawals, and personally profited, prompting forensic analysis of his seized electronic devices.
Source: TUKO.co.ke
