From Cybersecurity Pro to Cybercriminal: The Unraveling Tale of Pepijn Van der Stap

From cybersecurity pro to rogue hacker, Pepijn Van der Stap’s real-life drama beats any Netflix series. But this Dutch cybercriminal sentencing is the plot twist he didn’t expect. Four years behind bars is the season finale for mixing cybercrime with a day job. Walter Whites-in-waiting, take note – this is a series you won’t want to star in.

Hot Take:

Who needs Netflix when you’ve got real-life cyber dramas unfolding? Our main character, Pepijn Van der Stap, a former Dutch cybersecurity pro turned rogue hacker, just got hit with a plot twist: a four-year prison sentence. And let this be a lesson to all you wannabe Walter Whites out there: balancing a day job and a life of cybercrime can lead to a series finale you won’t enjoy.

Key Points:

  • Pepijn Van der Stap, a former Dutch cybersecurity professional, has been sentenced to a four-year prison term for hacking and blackmail.
  • He was involved in a series of cybercrimes targeting both domestic and international companies from August 2020 to January 2023.
  • Stap’s modus operandi involved extorting money from companies by threatening to leak stolen data online.
  • Investigators found malicious tools and stolen personal data from millions of individuals on his computer.
  • Despite his illicit activities, Van der Stap also held legitimate cybersecurity positions and claimed to have been reducing his illegal activities.

Need to know more?

From White Hat to Black Hat:

Van der Stap wasn't always on the dark side. Once upon a time, he worked for Hadrian Security and volunteered at the Dutch Institute for Vulnerability Disclosure. But alas, the allure of the dark web proved too strong, and our protagonist traded in his white hat for a black one.

Master of Disguise:

Like any good crime drama character, Van der Stap had a knack for aliases. He was known on various hacking forums as Espeon, Umbreon, Lizardom, Egoshin, Togepi, OFTF, and Rekt. But unlike Heisenberg, his secret identity wasn't secret enough to evade the law.

Every Villain Needs a Lair:

Van der Stap and his band of cyber-misfits operated on multiple hacking forums, including the now-defunct RaidForums and BreachForums. These sites were popular platforms for trading and selling stolen databases until their seizure by law enforcement agencies.

Redemption Arc or Cliffhanger?

In an interview with, Van der Stap claimed he had been reducing his blackhat hacking activities and dedicating his skills to ethical purposes. But as any binge-watcher knows, a villain's redemption arc can often lead to an unexpected cliffhanger. Watch this space, folks; the Van der Stap saga might not be over yet.
Tags: Cryptocurrency Laundering, data breach, Dutch Cybercriminal, Dutch Public Prosecution Service, Hacking and Blackmail, Legal Consequences for Hacking, Pepijn Van der Stap