Cybercriminals breached the Ministry of Finance Sri Lanka system and stole around $2.5 million, marking one of the largest digital thefts targeting a state institution in the country. Officials confirmed the incident as investigations continue into how hackers accessed sensitive financial systems.
Authorities said the stolen funds were originally intended for debt repayment to Australia, highlighting the seriousness of the breach amid ongoing financial recovery efforts. The attack comes as Sri Lanka continues to rebuild its economy after the severe financial crisis of 2022.
Read more : Sri Lanka unveils massive cyclone rebuild plan –
Finance officials revealed that the cyberattack targeted systems within the Public Debt Management Office, which handles international payments and government borrowing. Following the breach, four senior officers were suspended as investigators reviewed security lapses that allowed unauthorized access.
Meanwhile, officials reported that the intrusion attempt began with suspicious activity in the ministry’s email servers, which later escalated into unauthorized financial transfers. As a result, criminal investigators are now working with foreign agencies to trace the stolen funds and identify those responsible.
Read more : World bank warns Sri Lanka’s recovery still uneven, fragile
In addition, Sri Lanka has strengthened its financial monitoring systems under reforms linked to an International Monetary Fund bailout program worth $2.9 billion. Authorities said the Public Debt Management Office was recently created to improve transparency and manage external debt obligations more effectively.
Furthermore, diplomatic representatives from Australia confirmed awareness of irregularities in payments and stated they are cooperating with Sri Lankan officials. Both countries emphasized continued coordination, while Sri Lanka’s central bank has warned citizens about rising cyber threats targeting financial systems.