A shocking admission reveals how a multimillion-dollar cyber fraud tied to Australia payments was concealed to protect investigations, raising serious questions about transparency, accountability, and Sri Lanka’s financial security systems.
The Secretary to the Ministry of Finance, Harshana Suryaperuma, has revealed that immediate action was taken once authorities became aware of a major financial fraud within the Treasury, offering new insight into one of the most alarming cybercrime incidents linked to Sri Lanka’s public finance system.
Speaking at a specially convened media briefing, the Treasury Secretary clarified the sequence of events surrounding the financial irregularity and the government’s response. He explained that a group of unauthorized cyber attackers had infiltrated a payment process connected to a loan installment involving Australia and had successfully diverted funds.
According to Suryaperuma, authorities made a deliberate decision not to disclose the incident at the outset. He emphasized that maintaining confidentiality during the early stages of the investigation was critical to ensuring that those responsible could not evade detection or tamper with evidence. The decision, he said, was taken in the interest of safeguarding the integrity of the investigation process.
He stated clearly, “We hid the incident of hackers stealing $2.5 million from the Central Bank because if information about it got out, the hackers could hide and leave their places,” underscoring the sensitivity of the operation and the risks associated with premature disclosure.
The Secretary further elaborated that the fraudulent transaction occurred during a payment linked to Sri Lanka’s debt restructuring arrangements with Australia. Cybercriminals were able to intercept official communication channels, manipulate email data, and redirect government funds into unauthorized bank accounts, exposing critical vulnerabilities in the financial system.
Initial signs of suspicious activity were detected as early as January 2026, when attempts were made by cyber actors to breach the External Resources Department system. In response, the Sri Lanka Computer Emergency Response Team and the Police Computer Crime Investigation Unit were immediately notified and tasked with conducting a thorough investigation.
Subsequent detailed probes uncovered that the cyber intrusion and fraudulent transaction had in fact taken place prior to the initial detection, raising serious concerns about the robustness of cybersecurity defenses within key financial institutions.
The Ministry of Finance then initiated a formal internal investigation through a high-level committee comprising two Deputy Treasury Secretaries. Based on the findings of this committee, disciplinary measures have already been taken against officers identified as having failed in their duties during the process.
At the diplomatic level, both the Australian Embassy and the relevant creditor institutions have been formally informed of the incident. In addition, the Financial Intelligence Unit of the Central Bank of Sri Lanka has commenced its own parallel investigation into the financial flows and potential money laundering aspects connected to the fraud.
Reiterating the reasoning behind the delayed disclosure, Suryaperuma stressed that law enforcement authorities required sufficient time to track down the perpetrators without alerting them prematurely. He maintained that revealing details too early could have allowed the criminals to escape or erase critical evidence.
The Treasury Secretary concluded by noting that the scale and nature of the operation suggest the involvement of an organized international cybercrime network. As a result, Sri Lanka is expected to cooperate closely with foreign investigative agencies to identify those responsible and recover the diverted funds.
