Finance Ministry pays $2.5 million to global fraudster despite Central Bank advice

The Committee on Public Finance (COPF) has released a report on the fraud of a US$2.5 million sovereign loan to Australia’s ‘Export Finance Australia’ (EFA) by a group of cybercriminals. The report has revealed many crucial facts related to the said transaction.

The report reveals that this large-scale financial fraud has taken place despite the Central Bank of Sri Lanka clearly warning the Ministry of Finance that the relevant account information was suspicious and that there was a risk of money laundering.

According to the report, on November 26, 2025, the Central Bank of Sri Lanka had issued a special notice to the Ministry of Finance. It has been pointed out that it is highly suspicious that an amount due to an Australian institution was requested to be credited to an account in the United Arab Emirates. Since the addresses do not match, the Central Bank has instructed the Ministry of Finance to contact the creditor directly and reconfirm the account details.

However, the responsible officials of the Ministry of Finance did not contact the real Australian creditor of the said bond by phone or through official diplomatic channels. Instead, they sent a new email message to the same fake email address sent by the said fraudsters, asking if the bank details he had sent were correct. The State Finance Committee report shows that the Ministry of Finance officials have accepted the confirmation given by the fraudster himself that the details were correct.

In this fraud, the cybercriminals have used the fake company names ‘Mish Global LLC’, ‘LMH Global LLC’ and ‘Sifra Watan Project Management Services’. Each of these entities posed as Australia’s export credit agency and had the money credited to bank accounts in Abu Dhabi. The report states that officials failed to question why government funds were being credited to accounts with such private company names, or at least to verify the names of the entities.

The most serious aspect of this incident is that J.P. Morgan warned that a payment to India’s Exim Bank in the first week of January 2026 might be fraudulent. Despite the Ministry of Finance subsequently complaining to the Criminal Investigation Department about this, officials proceeded to pay another $997,799 to ‘Mish Global LLC’ on January 20. The Committee emphasizes that this is a serious oversight in the system.

When the real creditor (Australia) inquired about the delay in loan payments, ministry officials said that the payments were delayed due to the shortage of resources caused by Cyclone Ditva. However, the report indicates that government money was already being credited to the accounts of the fraudsters.

It is reported that the use of an outdated ‘Microsoft Exchange Server 2016’ system owned by the Ministry of Finance was a major cause of this cyber attack, and the Sri Lanka Computer Emergency Response Team (SL-CERT) had previously issued warnings about it.

Read the full report at the link below.https://www.parliament.lk/si/business-of-parliament/committees/reports