Sri Lanka has confirmed a second major financial loss, revealing that a $625,000 payment intended for the U.S. Postal Service has vanished. This disclosure follows a massive $2.5 million breach of the nation’s finance ministry, raising urgent questions about the security of government payment systems.
Missing Funds and Expanding Inquiries
Local authorities identified the missing $625,000 payment—approximately 199.7 million Sri Lankan rupees—after U.S. officials notified the government that the funds never arrived. The incident came to light after hackers attempted to divert a separate payment destined for India, triggering a broader investigation into the country’s financial operations, reports local media.
Evidence suggests the security failure may be international in scope. Australian officials are reportedly investigating irregularities in payments owed to Australia, fueling concerns that these thefts are part of a coordinated and widespread campaign.
The $2.5 Million Finance Ministry Breach
These revelations trail closely behind the announcement of a $2.5 million heist targeting the Sri Lankan finance ministry. Treasury Secretary Harshana Suriyapperuma confirmed that hackers successfully intercepted payments from the postal authority, rerouting funds into unauthorized bank accounts rather than the intended recipients, according to Bloomberg.
The Mechanics of the Attacks
Security experts believe these incidents are sophisticated Business Email Compromise (BEC) attacks. In these schemes, cybercriminals infiltrate email inboxes or accounting systems to manipulate invoices, bank account details, and routing numbers.
FBI data identifies BEC scams as a primary driver of cybercriminal profit, frequently resulting in billions of dollars in global losses annually. By compromising a single point of entry, attackers can misdirect large-scale government payments with minimal detection until the recipient reports a non-payment.
Political and Economic Fallout
The successive security lapses have intensified pressure on the Sri Lankan government, which is still navigating the aftermath of a severe economic crisis. The nation previously defaulted on its debt in 2022, a collapse that sparked widespread protests and led to the ouster of former President Gotabaya Rajapaksa.
While investigations are ongoing, it remains unconfirmed whether the two recent thefts are linked. Member of Parliament Nalinda Jayatissa stated that officials are currently working to determine if the incidents share the same perpetrators or methodology.