Sri Lanka Confirms Hackers Diverted USD 2.5 Million Meant for Australian Debt Repayment

COLOMBO (News 1st); Sri Lanka’s Ministry of Finance has revealed that cyber hackers infiltrated the computer system of the External Resources Department, leading to the fraudulent diversion of a foreign debt repayment of nearly USD 2.5 million intended for Australia.

Addressing the issue, Dr. Harshana Suriyapperuma, Secretary to the Ministry of Finance, said the intrusion was first detected in January 2026, when officials became aware that hackers had attempted to gain unauthorized access to the External Resources Department’s systems and compromise them. Upon identifying the threat, the Ministry immediately alerted law‑enforcement authorities.

He said reports were lodged with the Sri Lanka Computer Emergency Readiness Team (SL‑CERT) and the Computer Crimes Investigation Division of the Sri Lanka Police to investigate the attempted system breach. In parallel, ministry officials instructed the External Resources Department to conduct an internal review to determine whether any further damage had occurred beyond the initial incident.

Subsequent investigations revealed that the cyberattack had taken place earlier than first detected. A review of previous months’ transactions uncovered that hackers had intercepted email communications linked to a government‑to‑government debt repayment involving Australia.

By altering payment details, the attackers diverted approximately USD 2.5 million to other bank accounts, even though the Sri Lankan government had processed the payment in line with established procedures. As a result, the funds did not reach the intended creditor.

Dr. Suriyapperuma said that once this was discovered, the Ministry again informed the Criminal Investigation Department and also notified the Financial Intelligence Unit of the Central Bank of Sri Lanka, given the cross‑border nature of the financial transaction. Formal complaints were lodged stating that cybercriminals had illegally accessed government systems and carried out a financial crime.

He said the Ministry did not stop with law‑enforcement referrals. A formal internal investigation was launched by appointing a committee comprising two Deputy Treasury Secretaries to examine the incident in detail, assess institutional gaps, and recommend further action in line with financial regulations and organizational procedures. Based on the committee’s findings, disciplinary action has already been taken against certain officials.

Dr. Suriyapperuma emphasized that confidentiality was maintained deliberately to avoid obstructing investigations. He warned that premature disclosure could allow cybercriminals to evade detection by changing methods, erasing digital traces, or fleeing jurisdictions. Accordingly, the Ministry worked closely and discreetly with local and international law‑enforcement agencies, recognizing that organized cybercrime networks often operate across borders.

He confirmed that Sri Lanka also informed the Australian High Commission and the affected creditor through diplomatic channels as soon as the issue was identified. Relevant institutions involved in the broader debt restructuring programme were likewise notified, as required under existing agreements.

The Secretary stressed that the incident occurred in the latter part of 2025, during a period when Sri Lanka had already successfully restructured and commenced repayment of billions of dollars in external debt. He stated that Sri Lanka had demonstrated both the ability and clear intention to meet its debt obligations by making payments on time. The diversion of funds, he said, was entirely due to criminal interference and not a failure or unwillingness on the part of the state.

Following consultations with legal and technical debt‑restructuring advisers, the Ministry concluded that Sri Lanka had acted in good faith. He said while the intention and action to repay existed, cybercriminals intervened and redirected the funds unlawfully.

Dr. Suriyapperuma said discussions with the affected creditor are ongoing, with Sri Lanka continuing to demonstrate its commitment to debt repayment and transparency. He added that enhanced safeguards have been implemented to minimize the risk of similar incidents in the future, while granting investigators sufficient time and space to continue their work without interference.

He noted that further details cannot be disclosed at this stage to avoid undermining ongoing investigations being carried out jointly by the Ministry of Finance, the Public Debt Management Office, and the Central Bank of Sri Lanka.