By: Staff Writer
June 30, Colombo (LNW): Sri Lanka’s Parliament is preparing to scrutinise one of the country’s most serious financial cybercrimes after official reports revealed that a US$2.5 million theft resulted from coordinated cyber deception and significant institutional shortcomings within the government’s debt management framework.
Documents submitted by the Ministry of Finance and the Central Bank of Sri Lanka (CBSL) to the Committee on Public Finance (COPF) describe a sophisticated Business Email Compromise (BEC) operation that successfully manipulated official payment communications relating to an external debt settlement.
The stolen funds formed part of a US$22.9 million payment due to Australia’s Export Finance Agency. According to investigators, cybercriminals registered fraudulent email addresses that closely resembled legitimate government and creditor domains. A subtle alteration replacing the letter “i” with the numeral “1” in the word “Australia” allowed the attackers to impersonate official communications and redirect payment instructions without detection.
Rather than withdrawing the money in one transaction, the criminals transferred the funds in five separate instalments. Officials say this pattern exposed the absence of continuous transaction monitoring and highlighted weaknesses in financial oversight systems.
The fraud remained undiscovered until Australian authorities informed Sri Lanka that part of the scheduled debt repayment had not reached the intended recipient. The delayed discovery has intensified concerns about the Treasury’s verification procedures and internal safeguards governing international financial transfers.
The reports further identify structural deficiencies within the government’s financial administration. The Department of External Resources, the Public Debt Management Office (PDMO) and the Treasury reportedly functioned on independent information technology platforms with limited coordination, preventing effective cross-checking of payment instructions and increasing operational risks.
Officials also flagged shortcomings in the delegation of financial authority inside the Treasury, raising questions over accountability and compliance with established financial controls.
The incident carried broader economic implications. Because the payment failed to reach the creditor on time, Sri Lanka technically accumulated new external payment arrears, placing it in breach of performance criteria agreed under the International Monetary Fund’s reform programme. To avoid disruption to IMF funding, the government sought and subsequently obtained a waiver after explaining that the arrears resulted from cyber fraud rather than policy failure.
Separately, the Ministry of Finance has negotiated a repayment schedule with Australian authorities to settle the outstanding obligation. However, implementing the repayment will require parliamentary approval of a supplementary budget to legally authorise the replacement debt service payment.
The criminal investigation has expanded internationally. Sri Lankan authorities are working closely with the Australian Federal Police (AFP), Interpol and the Federal Bureau of Investigation (FBI) to trace and recover the stolen funds. Investigators have already tracked approximately US$200 to a bank account in Delaware, United States, while efforts continue to identify additional financial transfers connected to the scheme.
The Committee on Public Finance, chaired by Dr. Harsha de Silva, is now consolidating evidence from the Ministry of Finance, the Central Bank and the Sri Lanka Computer Emergency Readiness Team (CERT). Its final report to Parliament is expected to recommend stronger cybersecurity measures, tighter financial controls and institutional reforms designed to prevent future attacks on Sri Lanka’s public finances.