Sri Lanka has been rocked by a major cyber fraud involving $2.5 million (approximately ₹23.75 crore), triggering serious concerns across its financial and administrative systems. The case is linked to the Ministry of Finance’s Department of External Resources, where investigators uncovered a major manipulation in an international payment process. The Criminal Investigation Department (CID) has intensified its probe, treating the incident as a cross-border financial cybercrime involving sophisticated digital deception techniques.
Fake Emails Turn Official Payment Into Cyber Trap
Officials have clarified that the incident was not a direct system hack, but a carefully executed phishing and impersonation-based cyber fraud. According to the investigation, fake email IDs and spoofed domains were created to intercept official communication channels. Using these fraudulent digital identities, attackers manipulated the payment instructions intended for an Australian creditor. Instead, the funds were redirected to an unauthorized bank account. Early findings suggest the operation may have been carried out by a coordinated cybercrime network.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
CID, CERT Trace Digital Trail Behind International Fraud
So far, statements have been recorded from seven officials connected to the Department of External Resources and the State Debt Management Office. Authorities have also seized multiple computer systems, email archives, and digital records, which have been transferred for forensic examination. Experts are analyzing email logs, IP addresses, server activity, and data traffic patterns to trace the exact breach pathway. The Sri Lanka Computer Emergency Readiness Team (CERT) is assisting investigators with technical expertise to reconstruct the entire attack chain.
Four Officials Suspended as Accountability Storm Grows
In response to the incident, four senior officials from the Ministry of Finance have been suspended with immediate effect. Investigators believe that while external cybercriminals played a major role, internal procedural weaknesses may have also contributed to the breach. Preliminary assessments suggest that critical multi-layer verification protocols in the payment approval system may not have been fully enforced, allowing the fraudulent transaction to proceed unchecked.
A legal advocacy group has raised concerns over delays in submitting the investigation report to the court, demanding greater transparency and accountability from the authorities. The group has also submitted 22 detailed questions covering cybersecurity protocols, email authentication systems, payment approval workflows, and the effectiveness of cyber alert mechanisms. The case has now become a focal point of public debate on institutional accountability and digital security readiness.
₹23.75 Crore Diverted as Verification Gaps Come Under Scanner
Cybersecurity experts believe the incident may be part of a larger international cybercrime operation. According to specialists, financial institutions and government departments are increasingly being targeted through advanced phishing campaigns designed to divert high-value fund transfers. These attacks often exploit weak monitoring systems, delayed security updates, and gaps in real-time verification frameworks. The Sri Lankan case has once again highlighted vulnerabilities in digital financial infrastructure.
Investigators are now working to map the complete network behind the fraud and identify how unauthorized access was gained to official communication channels. They are also examining whether the attack involved international cyber syndicates or received any local assistance. Authorities have indicated that as the investigation progresses, more critical details and potential arrests may follow.
