Sri Lanka’s Criminal Investigation Department (CID) on Tuesday informed the Colombo Fort Magistrate’s Court that investigations are underway into the alleged diversion of USD 2.5 million in Treasury funds, in a case linked to a suspected email scam involving a foreign debt repayment.

Officials told the court that the payment, made as part of Sri Lanka’s external debt servicing process, had been redirected to a third party through a fraudulent email resembling that of Australia’s Export Finance Agency.

The CID, reporting to Magistrate Isuru Neththikumara, said a 27-page report containing sensitive details had been submitted and requested that it be placed under secure custody due to the nature of the investigation.

According to investigators, the incident stems from a complaint lodged on March 24, 2026. The funds were intended for an official payment to an Australian government-linked institution through the External Resources Department and the State Debt Management Office.

However, a fraudulent email, closely mimicking the legitimate domain, had been used to send payment instructions. The original domain “exportfinance.gov.au” had allegedly been altered to “exportfinance.av.com,” leading to the transfer being made without further verification.

CID officials said they are examining whether there had been any unauthorised access to the email systems of the External Resources Department or related institutions. Initial checks with the Sri Lankan firm managing the email servers have not yet confirmed a breach, though further forensic analysis is ongoing.

Investigators noted that the system processes around 15,000 emails daily, complicating efforts to trace potential intrusions. They also told the court that, despite a prior warning regarding the suspicious domain change, the payment had been processed after the alert was issued.

The court was further informed that standard verification procedures for such transactions appeared to rely primarily on email communication, with no additional confirmation mechanisms in place before funds were released.

The CID said investigations are also exploring whether systems of the Australian institution may have been compromised. Assistance is being sought from international agencies, including Interpol and the Australian Federal Police.

No suspects have been named so far. However, the CID requested travel bans on five individuals believed to be directly linked to the email exchanges, along with permission to examine their bank accounts.

The court granted the requests and also approved the appointment of a technical committee comprising experts from the Sri Lanka Computer Emergency Readiness Team (SLCERT), the Government Analyst’s Department, and the University of Colombo’s Faculty of Computing.

Magistrate Isuru Neththikumara instructed investigators to determine whether a criminal offence had occurred, identify those responsible, and take urgent steps to prevent similar incidents in future.

The case is scheduled to be taken up again on June 3 for further progress. (Newswire)

The post Court hears CID probe into $2.5 million Treasury theft appeared first on Newswire.