As it turned out, Mr. Hutchins had dabbled in the dark arts as a minor, continuing up until the age of 20, when he reversed course and dedicated himself to legitimate activities, like research. The United States attorney in the Eastern District of Wisconsin charged him with writing and conspiring to sell malware — specifically, the Kronos banking trojan, known to have attacked banks in France, Britain and India. The case has dragged out for two years, amid complex legal questions that could have been appealed. But Mr. Hutchins had no stomach for an interminable fight and pleaded guilty last week to two counts under the Computer Fraud and Abuse Act and the Wiretap Act, each carrying a maximum sentence of five years’ imprisonment.

The acts that he has pleaded to are ignoble. Kronos did serious damage, and in his plea agreement, Mr. Hutchins acknowledges that he was a witting conspirator to sell the malware. Neither does he attempt to raise the defense that his “black hat” past was necessary to become a “white hat” hero, even if that line resonates with the hacker community and popular culture at large. According to his lawyers, he rejects that line of thinking, calling it “a misnomer.”

Mr. Hutchins is not likely to receive a heavy sentence, but even a sentence without any prison time will come with consequences. He has been released on bail since 2017, residing in the United States on an expired tourist visa while waiting for his case to be resolved. That in itself will likely make it difficult to return to the United States in the future, and the felony will hamper his movements further.

If he hadn’t risen to global prominence, Mr. Hutchins would most likely have never been charged with his crimes. His conviction sends the wrong message about whether or not it pays to mend your ways and, when the moment comes, to do the right thing.

As the world comes to rely on computer systems more and more, cybersecurity is increasingly a matter of life and death. But we only rarely see expertise deployed in an indisputably heroic way, amid rerouted ambulances and disabled hospital telephone lines. WannaCry never wreaked the same kind of havoc in the United States that it did in Britain, and we have Mr. Hutchins to thank for it.