![Gossip Lanka News [English]](https://blogger.googleusercontent.com/img/a/AVvXsEhYm2aFFq-bIW1nWX-RrqnPFoIsVos6_VCVz8BpLt0QJi55GNXHXC2fugeRvL0qUStEuCfs7Sfu6ZiSlhrkldxfGuE_wzy5gitY6rMZ2KSi8VBbGvkgXLks37RwZV-4-HKbWiNLRxB8C_r1e4z3mpxFTMPDJPEADoG8E-bZteWFipeD5KNGbjvCfqEfKw=s300 "Gossip Lanka News [English]")
Is the disappearance of millions of dollars of public funds through cyberspace in the blink of an eye merely a technical error, or a planned robbery orchestrated by an unseen hand?
Detectives have now located a portion of the massive sum of USD 2.5 million, fraudulently diverted to other accounts by hackers who infiltrated the computer system of Sri Lanka's Ministry of Finance, hidden in a bank account in Delaware, USA. A senior police officer confirmed that this account was maintained at a TD Bank branch in Delaware under the name of an internet business registration company.
However, investigations have further revealed that the entire stolen amount was not deposited into a single account, and this public wealth has circulated through several accounts. This USD 2.5 million was a bilateral loan installment due to be paid to Australia. By hacking the email accounts of Ministry of Finance officials, the criminals subtly diverted the relevant loan amount to a fraudulent account.
To pursue the international network of this serious financial crime, the Financial Intelligence Unit (FIU) of the Central Bank of Sri Lanka and the Criminal Investigation Department (CID) have already sought assistance from the American Federal Bureau of Investigation (FBI). In addition, the Australian Federal Police are also involved in these investigations, and they have already requested detailed reports from Sri Lankan authorities regarding the email conversations that led to the fraud.
This crisis reveals not just an external hacker attack, but also the serious vulnerabilities within the state financial systems. During a closed-door meeting held on April 30th by the Committee on Public Finance (COPF), chaired by Member of Parliament Dr. Harsha de Silva, several astonishing facts were revealed. Namely, that the Treasury's debt repayment process has been completely digitized without any physical documents or signatures, and that the sole, unlimited authority to approve all foreign debt payments has been assigned only to the Back-Office Director of the newly established Public Debt Management Office (PDMO).
It was revealed before the committee that even the Treasury Operations Department, responsible for the Treasury's cash flow, does not have the authority to grant final approval for these loan payments, receiving only a mere notification. Treasury Secretary Harshana Suriyapperuma, along with several senior officials from the Ministry of Finance and the Central Bank, were summoned to this committee meeting. Under the previous system, money transfers occurred through the SWIFT system after undergoing strict scrutiny in several steps via the Department of External Resources, the Public Debt Department of the Central Bank, and the Finance Department. However, the new system has centralized all these responsibilities, creating an extremely risky situation.
What is even more shocking is that authorities had received sufficient prior warnings to prevent this tragedy. The Committee on Public Finance points out that the Ministry of Finance had been warned about similar suspicious cyber activity concerning a loan payment due to India in January 2026. Furthermore, during the transitional period between September 2025 and January 2026, two transactions were rejected by the Central Bank system due to incomplete information.
At a time when a country is struggling to emerge from a massive economic abyss, no authority can simply wash their hands of the matter by claiming that the disappearance of national wealth, akin to the blood of the people, in cyberspace is merely a technical error.
