Sri Lanka loses $2.5m in cyber theft

Sri Lanka lost $2.5 million set aside for debt repayment to Australia after hackers breached the Finance Ministry’s computer system and siphoned off the funds, authorities said.
Finance Ministry Secretary Harshana Suriyapperuma disclosed the incident at a press conference in Colombo on Thursday, describing it as the largest financial theft in the country’s history, NDTV reported.
Suriyapperuma said the $2.5 million had been reserved for repayment to Australia. Authorities had earlier been alerted to a possible breach of the ministry’s email servers, but the money disappeared before protective measures could be fully implemented.
He said an investigation has been launched. Four senior officials from the Public Debt Management Office (PDMO) have been suspended for negligence. Criminal investigators are probing the incident, while assistance has also been sought from foreign law enforcement agencies.
Meanwhile, Australia’s High Commissioner to Sri Lanka, Matthew Duckworth, said Australian authorities are aware of the “irregularity” involving funds due to them.
In a post on X, he clarified that Sri Lankan authorities are investigating the matter and are coordinating with Australian officials assisting the probe. He added that Australia remains committed to supporting Sri Lanka’s return to debt sustainability.
The cyberattack comes as Sri Lanka continues to recover from its 2022 economic collapse, when it defaulted on $46 billion in foreign debt, triggering political unrest and a change of government. Analysts say the latest incident is a major setback for the country’s new left-leaning administration as it attempts to stabilize the economy.
Cyber-enabled financial theft is not new in South Asia. In February 2016, hackers targeted Bangladesh Bank’s foreign reserves in one of the world’s largest cyber heists.
Hackers attempted to steal $961 million from Bangladesh Bank’s account at the Federal Reserve Bank of New York using fraudulent SWIFT instructions. They successfully transferred $101 million: $81 million to the Philippines and $20 million to Sri Lanka.
According to the FBI and cybersecurity experts, the North Korea-linked Lazarus Group was behind the attack.
While the $20 million sent to Sri Lanka was quickly recovered, most of the $81 million transferred to the Philippines was not retrieved. A Philippine court recently ordered the forfeiture of the $81 million. A bank official at RCBC was also sentenced to prison in connection with the laundering case, while Bangladesh’s investigation report deadline has been repeatedly extended.


