Rising alarm as experts warn that the focus on recovering stolen millions may be masking deeper cybersecurity failures within Sri Lanka’s Treasury systems, intensifying calls for accountability and systemic reform.
Experts and critics have described the ongoing debate surrounding the recovery of the US $2.5 million allegedly stolen from Sri Lanka’s Treasury as a “smokescreen,” warning that the heavy focus on retrieving the funds could be diverting attention from the more serious issue of how the cyber breach occurred in the first place. This perspective has added a new layer of controversy to an already sensitive Sri Lanka Treasury cyber security breach.
According to cybersecurity observers, the narrative around recovery efforts risks overshadowing critical questions about vulnerabilities within Sri Lanka’s financial systems. Concerns have been raised that without addressing the root causes of the breach, efforts to recover the stolen funds may provide only temporary reassurance rather than long term protection against future cyber attacks.
The Sri Lanka Computer Emergency Response Forum had earlier indicated that hackers used phishing techniques to impersonate trusted entities and manipulate internal information systems, ultimately enabling the fraudulent transfer of funds. Following the incident, discussions were held at the Ministry of Finance, where authorities began assessing the scale of the cyber attack and exploring possible technical and institutional responses.
However, several experts argue that the public emphasis on recovery is misleading. They suggest that this approach could be shifting focus away from systemic weaknesses in state financial cybersecurity infrastructure that allowed the breach to take place. Without confronting these structural flaws, recovery discussions alone risk becoming symbolic rather than substantive.
The incident has therefore sparked a broader national debate on accountability, transparency, and the effectiveness of Sri Lanka’s cyber defense mechanisms. Analysts stress that meaningful reform must go beyond financial recovery and address governance, digital security frameworks, and institutional responsibility to prevent similar incidents in the future.
