Additionally, the two charges to which Hutchins has pleaded guilty, as part of a plea deal, ahead of a trial set for 8 July in Milwaukee, each carry penalties of US$250,000 in fines and a US$100 special assessment.
Hutchins said in a statement on Friday: "As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security. I regret these actions and accept full responsibility for my mistakes.
"Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks."
He gained the attention of the world when he stopped the spread of the WannaCry ransomware by accident in May 2017.
In his plea agreement, Hutchins said he had create two malware applications, Kronos and UPAS-Kit, along with an unnamed conspirator who advertised and sold the malware.
He also admitted to providing Kronos to someone in California who he knew was using malware to gain unauthorised access to digital devices.
An FBI employee bought UPAS-Kit in 2012 for US$1500 after it was advertised in online forums.
Thanks to The Register for a link to Hutchins' plea agreement.