Treasury hack probe finds part of stolen US$2.5 million in a Delaware TD Bank account, as FBI and Australian authorities assist Sri Lanka.
Treasury hack investigations have revealed that part of the stolen US$2.5 million has been traced to a bank account in Delaware, USA.
The Sunday Times reports that part of the US$2.5 million, worth more than Rs. 75 crore, allegedly stolen by hacking into the Treasury’s computer system, had been credited to a bank account in the US state of Delaware.
A senior police official told the newspaper that the money had been credited to an account at a TD Bank branch maintained in the name of a company that registers internet businesses.
Investigations have also revealed that the full amount had not gone into one account. Instead, only a portion of the stolen funds had been credited there, while the rest had reportedly been distributed among several other accounts.
The Financial Intelligence Unit of the Central Bank of Sri Lanka has now requested assistance from the United States Federal Bureau of Investigation regarding the matter.
The Criminal Investigation Department is also exchanging information with Australian authorities as investigations continue into how the funds were diverted.
The missing money was a bilateral loan instalment that was due to be paid to Australia.
According to the government, the funds were diverted to a fraudulent account after email accounts at the Ministry of Finance were hacked.
The Committee on Public Finance, chaired by Dr. Harsha de Silva, has also examined the matter through a special investigation.
During that inquiry, it was revealed that the Treasury’s debt repayment process has been fully digitised.
No physical documents or signatures are used in the process.
It was also revealed that full authority for paying foreign loan instalments has been vested in the Director of the State Debt Management Office.
At a confidential discussion held on April 30, it was further revealed that the Ministry had also been made aware of similar suspicious cyber activity during the payment of a loan instalment due to India in January 2026.
The discussion also revealed that two transactions with incomplete information had been rejected by the Central Bank system during the transition period from September 2025 to January 2026.
The latest revelations have intensified concerns over the security of Sri Lanka’s digital financial systems, especially when foreign loan repayments and state debt payments are being handled through fully digitised channels.
The tracing of part of the funds to Delaware is now expected to become a key point in the wider investigation, as Sri Lankan authorities seek international cooperation to identify the individuals and accounts linked to the alleged fraud.
