Sri Lanka
USA
Canada
India
UK
UAE
A major cybercrime investigation involving alleged theft of USD 2.5 million from the Sri Lanka Treasury has been brought before the Colombo Fort Magistrate’s Court, with the Criminal Investigation Department (CID) presenting key findings and securing court approval for multiple precautionary measures.
The case was taken up before Magistrate Isuru Neththikumara, where the CID informed court that funds linked to government loan repayments were allegedly diverted by cybercriminals during a complex email-based fraud involving international financial transactions.
According to the CID, repayments made under a debt restructuring arrangement with Australia’s Export Finance mechanism were processed through official communication channels but later manipulated using a spoofed domain resembling a legitimate government email system. Investigators noted that while the authentic domain was “exportfinance.gov.au”, a fraudulent version such as “exportfinanceav.com” was created to mislead transactions.
The CID further stated that payments were processed based on invoices received via official email channels of the External Resources Department. Although a cybersecurity alert was reportedly issued by the service provider “Enable” in late October 2025 regarding domain changes, the transfer of funds had already taken place.
Investigations also revealed that certain data within the External Resources Department systems may have been deleted, prompting the court to question whether the action was deliberate. However, officials confirmed that inquiries are still ongoing and no suspects have yet been identified.
The CID told court that a full investigation is being conducted under the Penal Code, the Computer Crimes Act, and laws related to public property offences. It was also revealed that system changes and email migrations to platforms such as Outlook had been carried out prior to the incident, adding further complexity to the probe.
Given the technical nature of the case, the CID requested the appointment of a special expert panel comprising representatives from the Government Analyst’s Department, Sri Lanka CERT, and the University of Colombo’s Faculty of Computing to assist in the investigation.
Granting the request, the Magistrate also approved the inspection of bank accounts belonging to five officials placed on compulsory leave and ordered overseas travel restrictions on them as a precautionary measure.
In a further directive, the court instructed that the case file be securely stored in the court’s safe due to the sensitive and highly technical nature of the ongoing investigation.
