Sri Lankan authorities have launched a full criminal investigation after a sophisticated cyber attack on the nation’s finance ministry computer systems resulted in the theft of $2.5 million, funds that had been allocated for a bilateral debt repayment to Australia, senior government officials confirmed this week.
The stolen sum was marked for a debt settlement scheduled for September 2025, and investigators have traced the unauthorized diversion of the funds to January of this year, though details of the breach have only recently come to light amid ongoing investigative work.
Addressing reporters on Thursday, Harshana Suriyapperuma, secretary of Sri Lanka’s finance ministry, laid out the sequence of events: “Even though Sri Lanka had made the due payments, the cyber criminals had intervened and diverted it to other bank accounts, instead of the intended recipient.”
In response to the breach, four senior officers from the nation’s Public Debt Management Office have been placed on suspension, and Sri Lankan authorities have requested support from international law enforcement agencies to track down the perpetrators and recover the stolen funds. While the full technical details of how hackers accessed the payment system remain unconfirmed, lead investigators believe the attackers altered email-based payment instructions embedded in the sovereign debt payment workflow.
The missing funds went undetected until officials from the Australian creditor reached out to notify Sri Lankan authorities that the scheduled payment had never arrived in their account. Deputy finance minister Anil Jayantha Fernando added that the full scale of the heist only came into focus when the same cyber criminals attempted to alter payment details for a separate upcoming debt payment due to India, triggering internal red flags over the modified bank account information.
This high-profile cyber attack comes as a major new setback for Sri Lanka, which is still in the slow process of recovering from a devastating 2022 economic collapse that pushed the nation to the brink of bankruptcy. During that crisis, Sri Lanka exhausted its foreign exchange reserves, defaulted on $46 billion in outstanding external debt, and was forced to ration critical imports including food, fuel, and pharmaceutical supplies. Widespread public anger over the shortages erupted into mass anti-government protests that forced the resignation and ousting of then-president Gotabaya Rajapaksa in July 2022.
Matthew Duckworth, Australian High Commissioner to Sri Lanka, confirmed this week that Canberra has been notified of the irregularities in the debt payment process. “Sri Lankan authorities are investigating the matter and are coordinating with Australian officials, who are assisting the investigation,” Duckworth stated in a post on the social platform X.
Notably, the breach comes just months after Sri Lanka’s central bank and finance ministry rolled out a national public awareness campaign in local newspapers, warning citizens and government stakeholders about the growing risk of cyber scams, according to reporting from Agence France-Presse. Investigators are currently conducting a full review of existing financial control mechanisms to identify gaps that allowed the heist to proceed undetected for months, while continuing efforts to trace and recover the stolen $2.5 million.