Sri Lanka's government has disclosed losing more than $3 million across two separate cybersecurity incidents in quick succession. The latest revelation came just days after hackers stole $2.5 million from its finance ministry, compounding financial pressure on a country still rebuilding from a devastating 2022 sovereign debt crisis.
Sri Lanka has suffered two distinct cyberattacks targeting government financial systems, resulting in combined losses exceeding $3 million, according to reporting by TechCrunch. The country's finance ministry confirmed the second incident days after the first breach became public, raising serious concerns about the security of the nation's digital financial infrastructure.
The initial attack saw approximately $2.5 million stolen from the finance ministry. Shortly after that disclosure, authorities revealed a second, separate payment had also gone missing, bringing the total financial damage above the $3 million mark. Details on the precise methods used by the attackers, or whether the two incidents are linked, have not been fully confirmed by Sri Lankan officials.
The timing is particularly damaging for Sri Lanka, which has been working to stabilise its economy following a catastrophic debt crisis in 2022 that triggered widespread fuel and medicine shortages, mass protests, and the resignation of then-President Gotabaya Rajapaksa. The country secured a $2.9 billion International Monetary Fund bailout in 2023 and has since been subject to strict fiscal oversight as part of its debt restructuring programme.
Cybersecurity experts note that government financial systems in developing nations are frequent targets, often due to underinvestment in digital security infrastructure and limited capacity to detect intrusions in real time. Attacks against national treasury and finance ministry systems — sometimes involving fraudulent wire transfers or manipulation of payment systems — have been documented globally, with several high-profile incidents targeting central banks and government accounts over the past decade.
Sri Lankan authorities have not publicly named suspects or attributed the attacks to specific threat actors. It remains unclear whether the stolen funds can be recovered, as international wire fraud recovery depends heavily on the speed of detection and the jurisdictions through which funds are routed.
The dual disclosures have prompted calls from cybersecurity analysts for an urgent review of government payment systems in Sri Lanka, and raised questions about whether adequate safeguards — such as multi-factor authentication, transaction monitoring, and independent auditing — are in place across the country's financial ministries.
Analysis
Why This Matters
- Sri Lanka's loss of $3 million is significant for a country operating under IMF austerity conditions, where every dollar of public funds is subject to creditor scrutiny — the theft could complicate compliance with debt restructuring obligations.
- The rapid disclosure of a second missing payment days after the first suggests either systemic vulnerabilities across government financial systems or a single attacker with sustained access that was not fully contained.
- This serves as a broader warning to developing-nation governments that digitising financial systems without commensurate investment in cybersecurity creates exploitable vulnerabilities.
Background
Sri Lanka experienced one of Asia's worst economic collapses in 2022, running out of foreign exchange reserves and defaulting on its external debt for the first time in its history. The crisis caused acute shortages of fuel, medicine, and food, sparking mass protests that forced President Gotabaya Rajapaksa to flee the country and resign.
In March 2023, the IMF approved a $2.9 billion Extended Fund Facility for Sri Lanka, contingent on structural reforms including improved fiscal management and transparency. The country has since restructured bilateral and commercial debt, but remains under close monitoring and faces tight constraints on public spending.
Cyberattacks on government financial infrastructure are a growing global problem. The 2016 Bangladesh Bank heist — in which hackers stole $81 million via fraudulent SWIFT messages — highlighted how government banking systems can be compromised through relatively low-sophistication means. Similar attacks have targeted institutions in Vietnam, Ecuador, and several African nations.
Key Perspectives
Sri Lankan Government: Authorities face pressure to demonstrate fiscal responsibility under the IMF programme while simultaneously managing the political fallout of publicly disclosing significant losses of public funds.
Cybersecurity Community: Security analysts argue that government institutions in financially stressed countries are disproportionately targeted precisely because they lack resources to invest in modern security infrastructure, creating a vicious cycle where financial strain increases vulnerability.
Critics/Skeptics: Some observers question the transparency of the disclosures, noting that the second incident was revealed only days after the first became public — raising concerns about whether a full accounting of affected systems has been provided, or whether further losses may yet emerge.
What to Watch
- Whether Sri Lankan authorities publicly attribute the attacks to specific threat actors or disclose the method of intrusion, which would clarify the scale of the underlying vulnerability.
- Any response from the IMF regarding how these losses are treated under Sri Lanka's fiscal targets and programme compliance metrics.
- Whether a third-party cybersecurity audit of government financial systems is commissioned, and what systemic weaknesses it may reveal.