How does $2.5 million just… vanish? That’s the question rattling officials in Colombo after cyber criminals breached the country’s finance ministry.
And quietly siphoned off funds meant for debt repayment.
Not pocket change—this is the largest cyber theft ever reported from a Sri Lankan state institution.
And the timing? Brutal. The country is still recovering from its 2022 economic crisis, when it defaulted on $46 billion in debt.
According to finance secretary Harshana Suriyapperuma, the stolen money was supposed to go to Australia.
Instead, it disappeared after hackers infiltrated the ministry’s email system—an entry point that sounds almost too simple.
Four senior officials from the Public Debt Management Office have already been suspended.
Cyberattack Exposes Vulnerabilities
Investigators are now scrambling, even seeking help from international agencies.
“We are not in a position to give further details,” Suriyapperuma admitted.
So what went wrong? Experts often warn that cyberattacks don’t just exploit technology—they exploit gaps in systems, training, and oversight.
For a country rebuilding trust in its financial system, this isn’t just a hack—it’s a setback.
Because in today’s world, the battlefield isn’t just economic or political… it’s digital.
