Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Meta agrees to Indian AI data center deal as hyperscaler bolsters its infrastructure

    July 3, 2026

    Apple is reportedly planning new iPad Pro and MacBook Pro releases early next year

    July 3, 2026

    Korea taps Samsung, SK Hynix in $576 billion AI-chip drive to cement global leadership

    July 3, 2026
    Facebook X (Twitter) LinkedIn
    Trending
    • Meta agrees to Indian AI data center deal as hyperscaler bolsters its infrastructure
    • Apple is reportedly planning new iPad Pro and MacBook Pro releases early next year
    • Korea taps Samsung, SK Hynix in $576 billion AI-chip drive to cement global leadership
    • First look at the Samsung Galaxy Z Fold 8, Z Flip 8, and Z Fold 8 Ultra
    • Global leaders launch AI for Good Global Commission to expand access, strengthen trust and accelerate impact
    • Apple plans five new iPhones through 2027, eyes Chinese-made chips amid foldable push, reports say
    • SLT-Mobitel becomes first MSP to partner Versa to deliver next-generation SASE solutions to empower Sri Lankan enterprises
    • Sri Lanka’s best digital innovators honoured at SLASSCOM National Ingenuity Awards 2026
    Facebook X (Twitter) LinkedIn
    Techie.LKTechie.LK
    Demo
    • Home
    • Local
      1. AI & Machine Learning
      2. Consumer Tech
      3. Cybersecurity
      4. Enterprise Tech
      5. Fintech & Digital Payments
      6. GovTech & e-Governance
      7. Legal & Regulatory Tech
      8. Science & Innovation
      9. Startups & Venture
      10. Telecom & Connectivity
      Featured

      SLT-Mobitel becomes first MSP to partner Versa to deliver next-generation SASE solutions to empower Sri Lankan enterprises

      By Techie.lkJuly 3, 20261
      Recent

      SLT-Mobitel becomes first MSP to partner Versa to deliver next-generation SASE solutions to empower Sri Lankan enterprises

      July 3, 2026

      Sri Lanka’s best digital innovators honoured at SLASSCOM National Ingenuity Awards 2026

      July 3, 2026

      Sri Lanka’s Long-Awaited PayPal Access Is Here, With Room Still to Grow

      May 31, 2026
    • International
      • AI & Machine Learning
      • Consumer Tech
      • Cybersecurity
      • Enterprise Tech
      • Fintech & Digital Payments
      • GovTech & e-Governance
      • Legal & Regulatory Tech
      • Science & Innovation
      • Startups & Venture
      • Telecom & Connectivity
    • Interviews
    • Profiles
    • Analysis
    • Contributors
    • Podcasts
    • More
      • About Us
      • Contact Us
    Techie.LKTechie.LK
    Home»Analysis»How hackers stole $2.5 million from Sri Lanka’s Treasury and nobody noticed for months
    Analysis

    How hackers stole $2.5 million from Sri Lanka’s Treasury and nobody noticed for months

    Techie.lkBy Techie.lkApril 25, 2026No Comments1 Views
    Facebook Twitter LinkedIn WhatsApp Reddit Tumblr Email
    How hackers stole $2.5 million from Sri Lanka's Treasury and nobody noticed for months
    Share
    Facebook Twitter LinkedIn

    A sophisticated email fraud targeting the Finance Ministry has exposed gaps in how the country manages its sovereign debt payments, and raised uncomfortable questions about digital security at the heart of government

    It did not begin with a dramatic server crash or a ransomware notice on a screen. It began, investigators now believe, with someone quietly reading the government’s emails.

    Cybercriminals managed to infiltrate the email systems of the Department of External Resources, known as the ERD, which sits within the Treasury. Once inside, they did not move immediately. They watched. They monitored ongoing discussions about debt restructuring and repayment schedules, learning the language, the timelines, and the contacts involved.

    When the moment came, they did not attack a bank. They sent an email.

    What Happened

    Sri Lanka was in the process of settling a bilateral debt obligation to Australia. The funds in question were part of a larger payment process between the Australian Export Finance Agency and the Treasury, with both parties exchanging information via email.

    The scam was executed in five instalments, transmitted between December 31, 2025, and March 20, 2026. The money was sent. The procedures were followed. The payment was processed. But the intended recipient never received it.

    The attackers had substituted the legitimate Australian bank details with their own. Because the instruction came from a trusted internal email address, Treasury officials processed the payment believing they were fulfilling a sovereign obligation. This is a well-documented form of cybercrime known as Business Email Compromise, or BEC. It does not require breaking into a bank’s servers. It requires patience, access to internal email, and the ability to impersonate people that others already trust.

    The total amount diverted was $2.5 million, making it the largest cyber theft ever recorded from a state institution in Sri Lanka.

    How It Came to Light

    The scam was identified only after Australian export finance agencies notified Sri Lankan officials that the money had never arrived. Treasury Secretary Harshana Suriyapperuma told journalists: “Although the government followed the required procedures and completed the payment, the intended recipient did not receive the money. Instead, the criminals who intervened in the email communications were able to divert nearly $2.5 million into other accounts.”

    Authorities say they first became aware in January 2026 that cyber criminals were trying to access the system, and action was taken at that stage. It was concerns over similar earlier attempts that later led authorities to review past transactions, during which it was discovered that hackers had also been active in relation to a previous payment.

    The scale of the breach became clearer still when cyber criminals allegedly attempted to divert a separate payment due to India, which raised red flags over altered account details. The India attempt appears to have been intercepted before funds left.

    The Official Response

    On April 22, 2026, the Ministry issued an official statement confirming it had lodged complaints with the Criminal Investigation Department and the Central Bank’s Financial Intelligence Unit. The Ministry said it first informed Sri Lanka CERT and the Computer Crime Investigation Division of the Sri Lanka Police after identifying information linked to the foreign currency payment. A preliminary internal inquiry was conducted, and disciplinary action was initiated against several officials.

    Four senior officers at the Public Debt Management Office were suspended. Authorities said they were seeking help from foreign law enforcement agencies.

    Australia’s High Commissioner Matthew Duckworth confirmed awareness of irregularities in payments owed to Canberra, stating that Australian officials were cooperating with Sri Lankan authorities and that Australia remained committed to supporting Sri Lanka’s recovery and debt sustainability efforts.

    The Political Dimension

    The incident has not remained a technical matter. It has moved into parliament, and quickly.

    A group of opposition lawyers wrote to the Speaker of Parliament noting that Sri Lanka was due to pay USD 22.9 million to the creditor in September 2025, with the $2.5 million being a partial payment. They called on the Speaker to initiate an inquiry, arguing that public finances are parliament’s responsibility. The issue was raised at the proceedings of the Committee on Public Accounts.

    Opposition leader Harsha de Silva, who chairs the parliamentary Committee on Public Finance, wrote on X: “In over 15 years in Parliament, I have never seen this level of contempt for parliamentary oversight,” accusing the government of concealing the breach from the legislature.

    The Wider Context

    The timing carries weight that goes beyond the numbers.

    Sri Lanka is still recovering from its catastrophic economic crisis in 2022, when Colombo defaulted on its $46 billion external debt. The Public Debt Management Office itself was established this year under an IMF-backed $2.9 billion bailout framework. A cyberattack on the very office managing that debt repayment is a significant institutional blow.

    There is an irony that has not gone unnoticed: Sri Lanka’s central bank and finance ministry had launched an advertising campaign in local newspapers earlier this year warning citizens against falling prey to cyber scams, even as the ministry’s own systems were compromised.

    What Recovery Looks Like

    Because the funds were transferred through international banking channels, the Sri Lankan government is coordinating with the Australian High Commission and foreign law enforcement agencies to trace the money. Experts warn that once funds are siphoned into global mule accounts, full recovery is often difficult.

    The focus has since shifted to systemic reform. Under the direction of President Anura Kumara Dissanayake, who also oversees the digital infrastructure portfolio, the Treasury is being pushed to move away from email-based payment approvals entirely.

    The Finance Ministry has said efforts are underway to recover as much as possible of the lost funds. As of the time of writing, the investigation remains active and ongoing.

    What This Tells Us

    This incident is not unique to Sri Lanka. Business Email Compromise attacks on government finance departments have occurred in countries across Asia, Africa, and Europe. What makes this case notable is that it struck at a particularly sensitive point, during active sovereign debt restructuring, involving a bilateral creditor, and routed through a newly established institution that was itself set up to improve debt governance.

    The breach was not the result of some advanced nation-state level intrusion. It was a patient, targeted manipulation of email-based trust. The systems were not fundamentally broken. The process was exploited.

    That is, in many ways, the harder problem to solve. Technology can be updated. Servers can be hardened. But the habits around how government institutions communicate, verify, and approve large financial transactions are slower to change, and they are exactly what attacks like this one are designed to exploit.

    Top News
    Share. Facebook Twitter LinkedIn
    Techie.lk
    • Website

    Related Posts

    Meta agrees to Indian AI data center deal as hyperscaler bolsters its infrastructure

    July 3, 2026

    Apple is reportedly planning new iPad Pro and MacBook Pro releases early next year

    July 3, 2026

    First look at the Samsung Galaxy Z Fold 8, Z Flip 8, and Z Fold 8 Ultra

    July 3, 2026
    Leave A Reply Cancel Reply

    Demo
    Top Posts

    Sri Lanka’s USD 2.5 Million Cyber Fraud: Investigations Underway as Questions Emerge Over Payment Process

    April 23, 20268

    Sampath Bank and Apartner Bring Digital Payments to Sri Lanka’s Growing Condominium Sector

    March 16, 20268

    Moose Fan App gains significant traction throughout T20 World Cup

    March 12, 20266

    LankaPropertyWeb Unveils “Apartment Finder”: A Game-Changer in the Real Estate Market

    March 10, 20266
    Don't Miss
    International

    Meta agrees to Indian AI data center deal as hyperscaler bolsters its infrastructure

    By Techie.lkJuly 3, 20261

    Meta Platforms said on Wednesday it will lease an artificial intelligence-enabled data center in India…

    Apple is reportedly planning new iPad Pro and MacBook Pro releases early next year

    July 3, 2026

    Korea taps Samsung, SK Hynix in $576 billion AI-chip drive to cement global leadership

    July 3, 2026

    First look at the Samsung Galaxy Z Fold 8, Z Flip 8, and Z Fold 8 Ultra

    July 3, 2026
    Stay In Touch
    • Facebook
    • Twitter
    • LinkedIn

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Demo
    About Us
    About Us

    Your source for the lifestyle news. This demo is crafted specifically to exhibit the use of the theme as a lifestyle site. Visit our main page for more demos.

    We're accepting new partnerships right now.

    Email Us: techielkeditor@gmail.com
    Contact: +94 77 328 0773

    Facebook X (Twitter) LinkedIn
    Our Picks

    Meta agrees to Indian AI data center deal as hyperscaler bolsters its infrastructure

    July 3, 2026

    Apple is reportedly planning new iPad Pro and MacBook Pro releases early next year

    July 3, 2026

    Korea taps Samsung, SK Hynix in $576 billion AI-chip drive to cement global leadership

    July 3, 2026
    Most Popular

    Sri Lanka’s USD 2.5 Million Cyber Fraud: Investigations Underway as Questions Emerge Over Payment Process

    April 23, 20268

    Sampath Bank and Apartner Bring Digital Payments to Sri Lanka’s Growing Condominium Sector

    March 16, 20268

    Moose Fan App gains significant traction throughout T20 World Cup

    March 12, 20266
    © 2026 Techie. Designed by NIKO.
    • Terms & Conditions
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.