An alleged USD 2.5 million cyber fraud at Sri Lanka’s Treasury is under investigation after part of a foreign debt repayment was allegedly diverted to a hacker through fraudulent email instructions, Cabinet Spokesperson Nalinda Jayatissa confirmed on Wednesday.

The funds were part of a USD 22.9 million foreign loan instalment due in September 2025. Jayatissa told reporters he had no further detail on whether the money was routed to an account controlled by hackers instead of the creditor country, and said the Treasury would issue a clarification on whether senior officials — including Treasury directors and an IT division head — had been suspended pending the probe.

Opposition Leader Sajith Premadasa said the Ministry of Finance, Treasury and Central Bank of Sri Lanka had demonstrated an inability to safeguard the country’s financial operations. Speaking in Kataragama, Premadasa warned that if foreign currency reserves could be lost through forged confirmations and fraudulent instructions, the nation’s financial security was “under threat”. He called for an independent and transparent inquiry.

SLPP MP Namal Rajapaksa described the incident as “a serious breakdown of oversight, internal controls, and institutional safeguards within the Treasury” rather than a minor administrative lapse. “How did fraudulent email instructions bypass verification protocols? Why were safeguards inadequate? Was the proper role of the Central Bank of Sri Lanka undermined in handling such high-value transactions?” Rajapaksa asked, arguing that accountability must begin at the top.

The State Debt Management Office, Department of Foreign Resources and the Central Bank are among the institutions implicated in the oversight chain for foreign debt repayments of this size.

In a statement issued later on Wednesday, the Ministry of Finance confirmed disciplinary action had been initiated against several officials over the breach, which it said was traced to a foreign currency payment in January 2026. The Ministry said hackers had breached the computer system of the External Resources Department and that complaints had been lodged with the Sri Lanka Computer Emergency Readiness Team, the Computer Crime Investigation Division, the Criminal Investigation Department and the Financial Intelligence Unit of the Central Bank. A preliminary internal inquiry had been completed and “necessary actions have been taken,” the Ministry said, declining to comment further so as not to disturb the ongoing investigations.

Deputy Minister of Finance Dr Anil Jayantha later provided further operational detail, saying the breach occurred during communication and fund-settlement activity between the Australian Export Finance Agency and the Treasury, in which both parties exchanged information via email. Hackers exploited that channel to manipulate the exchange, he said. The fraud surfaced only after a similar attempt was made on a payment due to India — suspicion arose when account number changes were detected.

A lengthy investigation traced the communications back to the start of debt-restructuring and repayment discussions, establishing that money intended for the Australian Export Finance Agency had been diverted into accounts controlled by the hackers. An internal committee including two deputy treasury secretaries has been appointed to examine possible disciplinary issues, and five Treasury officials have since been interdicted on its recommendations. Dr Jayantha said publicising further details could let cybercriminals anticipate the investigation’s next steps, with the immediate priority being arrests.

The COPF committee is pursuing the Treasury breach as a potential technical default on Sri Lanka’s debt obligations, raising governance questions that parallel the ongoing NDB Rs. 13.2bn fraud probe.

The Australian High Commission in Colombo formally confirmed on April 23 that both the mission and Sri Lanka’s Ministry of Finance are aware of irregularities in payments owed to the Australian Government. In a statement posted on X, the High Commission said Sri Lankan authorities had launched an investigation and that Australian officials were assisting the inquiry. “Australia remains committed to supporting Sri Lanka’s path toward debt sustainability,” the statement said. The confirmation validates the government’s account of the breach and opens a cross-border law-enforcement coordination track alongside the domestic CID and CCID investigations.