Sri Lanka Investigates Cyber Attack That Diverted 2.5 Million Dollars From Debt Payment Account

Sri Lanka has opened an investigation after hackers stole 2.5 million dollars from government funds meant for debt repayment. Officials confirmed that cyber criminals diverted the money from a bilateral settlement with Australia into unknown accounts.

Initially, the attack likely occurred earlier in the year. However, authorities only uncovered the full account recently.

The missing funds relate to a repayment scheduled for September 2025. Harshana Suriyapperuma, secretary to the finance ministry, explained that Sri Lanka already processed the payment before the hackers interfered. Furthermore, he stated that attackers changed payment instructions and redirected the transfer away from the intended recipient account.

Investigation Begins as Officials Face Suspension

In response, authorities suspended four senior officials from the Public Debt Management Office. Meanwhile, investigators continue to examine their involvement in the incident. Additionally, the government contacted international law enforcement agencies. As a result, they aim to trace the stolen funds and identify those responsible for the cyber attack.

Early findings show that attackers manipulated email based payment instructions. Specifically, they altered bank details during the debt settlement process. Consequently, the system transferred funds into fraudulent accounts. Notably, the breach went unnoticed at the time of execution.

Later, the issue surfaced after the Australian creditor reported non payment. Following this, officials reviewed transaction records and discovered the missing funds.

Deputy finance minister Anil Jayantha Fernando stated that cyber criminals also attempted to interfere with a payment to India. Moreover, that second attempt exposed irregular bank account details. Therefore, it confirmed that a breach had occurred.

Authorities now examine how internal controls failed to detect the interference earlier. In addition, they are reviewing financial safeguards across the payment system. They are also assessing whether staff followed proper verification procedures during the transfer. Meanwhile, recovery efforts continue, although officials admit that tracing the funds remains difficult.

Matthew Duckworth, the Australian High Commissioner in Colombo, confirmed that Canberra is aware of the situation. Furthermore, he noted that Australian authorities are cooperating with Sri Lankan investigators. Both sides continue to share information in order to support the investigation and improve tracking of the stolen funds.

This cyber attack comes at a sensitive time for Sri Lanka. The country is still recovering from its 2022 economic crisis. At that time, Sri Lanka defaulted on 46 billion dollars in external debt after it ran out of foreign exchange reserves.

Consequently, the country struggled to pay for essential imports such as food, fuel, and medicine. This situation triggered shortages and widespread public unrest.

Subsequently, mass protests forced former President Gotabaya Rajapaksa to step down. Since then, the government has worked to restore confidence in financial management systems. In addition, it has focused on improving oversight in public finance operations. However, the latest cyber attack raises fresh concerns about digital safety in government transactions.

Earlier this year, the central bank and finance ministry launched a public awareness campaign on online scams. They warned citizens about rising cyber fraud risks. Now, this incident highlights that similar threats also exist within official institutions.

As investigations continue, authorities plan to review all payment systems linked to external transfers. Furthermore, they intend to introduce stronger verification steps to prevent unauthorized changes. Ultimately, officials hope these measures will reduce vulnerabilities in the system.