Sri Lanka Suffers $3M Loss in Dual Cyber Attacks

The Sri Lankan government has disclosed the loss of more than $3 million across two distinct cybersecurity incidents that have struck the nation's financial infrastructure in recent weeks. These breaches represent a significant setback for a country already grappling with the aftermath of its devastating 2022 debt crisis, adding layers of complexity to an already fragile economic recovery. The twin attacks underscore the vulnerability of critical government systems and raise urgent questions about the nation's cyber defense capabilities during a period of financial instability.

In the most recent incident, officials confirmed that hackers successfully infiltrated the Sri Lanka finance ministry and executed a theft of approximately $2.5 million. This breach represents one of the most significant cyberattacks on government financial systems in the country's recent history. The stolen funds were transferred through unauthorized channels before authorities could detect and halt the transactions, exposing serious gaps in the ministry's transaction monitoring protocols and real-time fraud detection mechanisms.

The disclosure of this substantial financial loss prompted further investigation into other potential breaches affecting government accounts and payment systems. Within days of publicly acknowledging the $2.5 million theft, Sri Lankan authorities revealed an additional missing payment that brought the total losses to over $3 million. This subsequent discovery indicates that the initial breach may have been more extensive than first understood, with attackers potentially maintaining persistent access to multiple government financial systems over an extended period.