Home Sections News Feature Loss of $ 2.5 million debt transfer: Cyber heist exposes weak links in Sri Lanka’s debt payment system
News Feature

Loss of $ 2.5 million debt transfer: Cyber heist exposes weak links in Sri Lanka’s debt payment system

Share
Share

By The Pulseline News Desk

What began as a routine repayment of a foreign loan has evolved into one of the most significant cyber-related financial crimes involving public funds in Sri Lanka, after Parliament was informed that $ 2.5 million was stolen through a cyber fraud during an overseas debt repayment transaction.

The Parliamentary Committee on Public Finance (COPF), which investigated the incident, has concluded that the diversion of funds was a clear case of cybercrime rather than a simple administrative error. Presenting the committee’s report to Parliament on Friday (10), COPF Chairman Harsha de Silva described the incident as a “clear case of cybercrime and theft” and called for a full criminal investigation to identify those responsible.

The stolen funds were part of a loan repayment made to Export Finance Ltd., Australia, but instead ended up in the hands of an unauthorised third party after cybercriminals compromised the payment process.

The committee’s findings have raised serious concerns about the resilience of the country’s financial systems at a time when Sri Lanka is navigating one of the most complex debt restructuring exercises in its history.

“This is a serious financial crime,” de Silva told Parliament, urging law enforcement authorities to pursue comprehensive investigations and take legal action against every individual connected to the fraud.

While the committee established that a cyber fraud had occurred, de Silva noted that Parliament’s mandate did not extend to determining whether there had been an internal conspiracy among officials or institutions involved in the transaction.

“Parliament does not have the authority to investigate whether there was a conspiracy,” he said, emphasising that such matters now fall within the jurisdiction of criminal investigators.

The report points to more than sophisticated cybercriminals. It also identifies institutional shortcomings and procedural lapses within the agencies responsible for processing the international payment, suggesting that weaknesses in internal controls made the fraud possible.

Recognising the broader implications of the incident, COPF has recommended that the National Audit Office (NAO) immediately conduct a comprehensive audit of Sri Lanka’s foreign debt repayment process to identify vulnerabilities and strengthen safeguards.

The committee believes such a review is essential to ensure that future debt servicing transactions are protected against increasingly sophisticated cyber threats.

Cybersecurity has emerged as another major focus of the committee’s recommendations.

De Silva called on the Ministry of Digital Affairs, together with the Sri Lanka Computer Emergency Readiness Team (SLCERT), to urgently modernise the digital infrastructure and computer systems of the institutions involved in handling international financial transactions.

The committee concluded that outdated systems and weaknesses in digital operations had left critical public institutions exposed to cyber risks at a time when governments worldwide were facing increasingly complex attacks on financial networks.

During the inquiry, the committee received extensive cooperation from key state institutions, including the Treasury Secretary, the Governor of the Central Bank of Sri Lanka (CBSL), officials from the relevant agencies, representatives of SLCERT, and the Attorney General’s Department.

Their evidence enabled the committee to reconstruct the events surrounding the fraudulent transfer and identify systemic weaknesses that require urgent attention.

The tabling of the report now shifts the focus from parliamentary oversight to criminal investigation.

Authorities are expected to examine how the cybercriminals infiltrated the payment process, whether insider involvement played any role, whether the stolen funds can be traced and recovered, and what legal action should follow.

Beyond the immediate financial loss, the incident has highlighted the growing cybersecurity risks confronting governments as public finance increasingly depends on digital systems and international electronic transactions.

For Sri Lanka, the committee’s findings serve as both an account of a costly cyber heist and a warning that stronger digital safeguards, tighter financial controls and greater institutional accountability are now indispensable to protecting public funds.

Author

Share

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles
News Feature

Ayurvedic sector introduces herbal preparations as dengue cases rise

By The Pulseline News Desk As Sri Lanka continues its battle against...

News Feature

LRT project unlikely to proceed as Government shifts focus to Metro Bus system

By The Pulseline News Desk The long-delayed Light Rail Transit (LRT) project...

News Feature

Govt opens temporary prisons as Negombo facility closes after unrest

By The Pulseline News Desk The Government has moved to temporarily expand...

News Feature

Mobile drug testing for drivers to expand islandwide

By The Pulseline News Desk The Ministry of Transport and Highways has...