Hackers Divert Sri Lanka Debt Payment in $2.5m Cyber Heist

Sri Lanka has launched a formal investigation after hackers breached government systems and diverted $2.5 million (£1.8 million) from a debt repayment meant for Australia, officials have confirmed.

The funds were part of a bilateral debt obligation scheduled for settlement in September 2025, but authorities now believe the diversion occurred as far back as January, with details only recently coming to light.

How the Breach Occurred

According to Harshana Suriyapperuma, cybercriminals interfered with the payment process despite the government initiating the transaction.

“Even though Sri Lanka had made the due payments, the cyber criminals had intervened and diverted it to other bank accounts, instead of the intended recipient,” he said.

Investigators suspect that hackers manipulated email-based payment instructions within the sovereign debt payment system, altering account details to redirect the funds.

Officials Suspended, Probe Deepens

In response to the breach, four senior officials at the Public Debt Management Office have been suspended pending the outcome of investigations.

Authorities are also working with international law enforcement agencies to trace the stolen funds and identify those responsible.

The fraud was only detected after Australian authorities reported that the expected payment had not been received.

Further Suspicious Activity

Deputy Finance Minister Anil Jayantha Fernando revealed that suspicions deepened when cybercriminals allegedly attempted to manipulate another payment—this time involving India—raising alarms over a broader security breach.

Officials are now reviewing internal controls and safeguards to determine how multiple layers of verification failed to prevent the incident.

Economic Context and Impact

The cyber attack represents another setback for Sri Lanka, which is still recovering from a severe economic crisis that peaked in 2022.

During that period, the country defaulted on approximately $46 billion in external debt, leading to acute shortages of essential goods and widespread protests that forced the resignation of former President Gotabaya Rajapaksa.

International Cooperation

Matthew Duckworth confirmed that Australia is aware of the irregularities and is cooperating with Sri Lankan authorities.

“Sri Lankan authorities are investigating the matter and are coordinating with Australian officials, who are assisting the investigation,” he said.

Cybersecurity Concerns Grow

The incident comes shortly after Sri Lankan authorities launched a public awareness campaign warning citizens about the growing threat of cyber fraud.

The breach has now raised serious concerns about cybersecurity vulnerabilities within government financial systems, particularly in the handling of sensitive international transactions.

Investigations are ongoing, with authorities focused on recovering the stolen funds and strengthening safeguards to prevent future incidents.