Sri Lankan authorities have sought the assistance of the Federal Bureau of Investigation (FBI) as investigations intensify into the alleged loss of USD 2.5 million from the Treasury, the Sunday Times reports. The loss of USD 2.5 million is believed to have occurred through a sophisticated business email compromise (BEC) scam.
The Criminal Investigation Department (CID), which is leading the probe, has reportedly engaged a United States-based cyber security firm specializing in detecting and countering email hacking and phishing operations. Investigators are still attempting to trace the origin of the fraudulent emails, identify where the misappropriated funds were transferred, and determine those responsible for orchestrating the scam.
According to officials familiar with the inquiry, key details surrounding the cyber attack remain unclear. The Financial Intelligence Unit (FIU) of the Central Bank has yet to establish the financial trail or uncover the beneficiaries of the illicit transaction.
Authorities confirmed that the investigation has now expanded beyond Sri Lanka, with international collaboration underway. Australian law enforcement agencies have also joined efforts to assist in tracking the cross-border movement of funds and identifying suspects linked to the fraud.
Although the Ministry of Finance had reportedly detected suspicious activity as early as January, a formal complaint was only lodged with the CID on March 28 by a senior ministry official. Investigations commenced thereafter, raising concerns over the delay in initiating legal action.
Senior Treasury sources indicated that there are growing fears that sensitive financial documents—particularly those related to foreign loan repayments—may have been compromised during the cyber breach. This has prompted stricter internal controls, with officials instructed to rigorously verify email communications and related documentation before authorizing any financial transfers.
As part of the ongoing investigation, the CID has begun analyzing transaction data from recent months in an effort to reconstruct the sequence of events and uncover potential vulnerabilities within the system.
The incident has highlighted significant concerns over cyber security preparedness within key state institutions, as authorities race to contain the fallout and prevent further financial losses.







