Sri Lanka’s Finance Ministry is facing one of its most serious crises in recent years, as investigations into a USD 2.5 million cyber fraud intensify alongside the suspicious death of a key official tied to the case. The unfolding scandal has exposed not only a sophisticated financial breach but also systemic weaknesses in governance, staffing, and digital infrastructure.
The most alarming development came on April 30, when Ranga Rajapaksa, an interdicted Assistant Director of the External Resources Department, was found dead in his Kuliyapitiya residence under unclear circumstances. Police reported injuries and recovered a knife at the scene, but have yet to determine whether the death was a homicide, suicide, or accident. Rajapaksa had been questioned multiple times by the Criminal Investigation Department (CID) and was considered a crucial figure in understanding how the fraud unfolded.
Investigators revealed that the stolen funds were siphoned off in five separate transactions between November and January. Hackers allegedly infiltrated email communications related to debt repayments to Australia, altering bank details to redirect funds. The fraud came to light only after Australian creditors flagged missing payments, prompting deeper scrutiny.
However, beyond the cyberattack itself, attention is increasingly turning toward internal failures within the Finance Ministry. Sources indicate that several officials involved in handling sensitive debt transactions lacked adequate experience, with appointments allegedly influenced by political affiliations to the ruling party. Critics argue that such placements weakened oversight and decision-making at critical points.
Further complicating matters are reported deficiencies in IT administration. Officials responsible for managing financial communication systems were ill-equipped to detect or respond to phishing attempts and email manipulation. Computer systems used in processing transactions are now under forensic examination, with early indications pointing to outdated security protocols and poor internal controls.
Communication breakdowns have also come under scrutiny. The Committee on Public Finance (CoPF), chaired by Harsha de Silva, highlighted delays in informing Parliament about the missing funds. Despite red flags emerging as early as January, confirmation of the fraud only came in March, raising concerns about transparency and accountability.
The Treasury Secretary, Harshana Suriyapperuma, and other senior officials faced questioning before the committee, while five high-ranking officaials including IT leadership have been suspended and placed under travel bans.
Deputy Minister Anil Jayantha is expected to present a detailed statement in Parliament on May 5, outlining the government’s position and next steps. Meanwhile, international cooperation with Australian authorities continues in an effort to trace the stolen funds.
As investigations proceed, the scandal has become emblematic of deeper institutional vulnerabilitieswhere political patronage, weak technical capacity, and administrative inefficiencies converge with costly consequences. If the funds are not recovered, officials warn, the ultimate burden may fall on taxpayers.