Sri Lanka’s Ministry of Finance has been rocked by a sophisticated cyber fraud that diverted $2.5 million in government funds. The money was part of a bilateral debt repayment to Australia but never reached its intended destination.
The fraud was executed through a method known as Business Email Compromise (BEC). Investigators believe that cybercriminals managed to infiltrate the email systems of the Department of External Resources (ERD) within the Treasury. By gaining access to official communication channels, the hackers monitored ongoing discussions regarding debt restructuring and repayment schedules. (Source: Virakesari)
The missing sum formed part of a $22.9 million bilateral debt repayment due to Australia. Authorities state that between December 2025 and 31 January 2026, $2.5 million was transferred to a fraudulent account rather than the intended recipient. (Source: Tamil Guardian)
How the Fraud Was Uncovered
The theft did not come to light immediately. It was only in January 2026 that irregularities were first flagged. Ironically, the scam was uncovered when a second attempt was made to divert a separate payment intended for a creditor in India. The sudden change in account details for the Indian transaction triggered an internal red flag, prompting a retrospective audit of all recent high-value transfers. (Source: Virakesari)
The scam was also identified after Australian export finance agencies notified Sri Lankan officials that the money, which was transmitted in five installments between December 31, 2025, and March 20, 2026, had never arrived. (Source: OCCRP)
Treasury Secretary Harshana Suriyapperuma confirmed the breach publicly, stating: “The hackers intervened into the communication and managed to divert funds. Law enforcement authorities are probing whether it is home grown or hacking from outside of Sri Lanka.” (Source: Bloomberg)
Officials Suspended, Probe Launched
Finance Ministry Secretary Harshana Suriyapperuma acknowledged that the funds were likely diverted by a third party through compromised system access. The anomaly was detected in January 2026 during routine transaction reviews, prompting referrals to Sri Lanka’s Computer Emergency Readiness Team (SL-CERT), the Police Computer Crime Investigation Division, the Criminal Investigation Department (CID), and the Central Bank’s Financial Intelligence Unit (FIU). A multi-agency investigation is now underway. (Source: Tamil Guardian)
In connection with the suspected breach, two Deputy Directors, two Directors, and the Head of the Computer Division at the Treasury have already been suspended. A Technical Investigation Committee was appointed around 24 March 2026 to examine the incident. (Source: Sri Lanka Guardian)
Opposition and Civil Society Demand Independent Inquiry
The scandal has triggered sharp political backlash. Opposition leader Sajith Premadasa described the diversion as a serious breach of financial security and questioned how such a transaction could proceed without adequate verification mechanisms. He called for an independent and transparent investigation into whether safeguards across key institutions, including the Treasury and Central Bank, were bypassed. (Source: Tamil Guardian)
The Free Lawyers Organisation has called for a Parliamentary investigation into the alleged diversion, in a letter to the Parliament Speaker. The letter requests that Parliament examine whether the funds had been misdirected to a computer hacker or a third party instead of the intended creditor country. (Source: ft)
Critics also allege that the Central Bank of Sri Lanka had alerted the Treasury to concerns about the bank account used in the transaction before the payment was executed. This raises additional questions about whether early warning signals were adequately considered or whether procedural safeguards failed to prevent the alleged diversion. (Source: Sri Lanka Guardian)
Australia Cooperates, Recovery Efforts Ongoing
The recovery of the $2.5 million remains a complex challenge. Because the funds were transferred through international banking channels, the Sri Lankan government is now coordinating with the Australian High Commission and foreign law enforcement agencies to trace the money. Australian High Commissioner Matthew Duckworth has confirmed that Canberra is assisting in the probe, emphasizing that both nations are working to ensure the stolen funds do not derail Sri Lanka’s return to debt sustainability. (Source: Virakesari)
Wider Cybersecurity Concerns
Sri Lanka’s digital infrastructure and financial security are under intense scrutiny following this incident. It has sparked widespread debate over institutional capacity, the urgent need for skilled personnel in Government, and the overall readiness of the nation to secure its critical national information infrastructure amidst ongoing digitisation efforts. (Source: The Morning)


