Despite the Central Bank warning that the accounting information related to the incident in which US$2.5 million paid by the Treasury ended up in the hands of another party was suspicious, it has now been revealed that relevant officials confirmed the information directly with the fraudster himself.
This has been revealed in the report of the Public Finance Committee, which was recently submitted to Parliament regarding the incident.
The report concerns the US$2.5 million loss suffered by the Treasury as a result of a cybercrime incident during the repayment of foreign loans to Export Finance Australia between November 2025 and January 2026.
According to the contents of the report, several further facts have emerged regarding the incident.
The Central Bank of Sri Lanka had observed that the payment was being made to a beneficiary in the United Arab Emirates and that the address provided did not match the address of Export Finance Australia. The Central Bank had also raised concerns about possible money laundering and informed the Ministry of Finance on November 26, 2025, that the account details should be reconfirmed with the creditor.
However, instead of sending the account details to the legitimate creditor for confirmation, the Ministry had sent an email to the fraudulent party itself and confirmed the bank details with the very fraudster involved in the scam.
According to the committee report, it appears that no one had matched the names of the beneficiaries. As a result, Sri Lanka had made sovereign loan payments to Mish Global LLC, LMH Global LLC and Sifra Watan Project Management Services through a bank in Abu Dhabi.
The report further states that each of these beneficiaries had posed as Australia’s export credit agency. However, no one had taken action to question why the money was being paid to such an institution.
According to the report, on January 6, 2026, J.P. Morgan’s fraud prevention team warned that a payment made by Sri Lanka to the Export-Import Bank of India (EXIM Bank of India) was fraudulent and stopped the transaction.
Three days later, the Department of Foreign Resources reported the fraudulent domain name to the Criminal Investigation Department and the Sri Lanka Computer Emergency Readiness Team.
However, the report indicates that eleven days later, on January 20, Sri Lanka made another payment of US$997,799 to Mish Global LLC.
At the same time, ministry officials had also sent an email request to the legitimate creditor.
The loan installment had been due in the first week of January but was delayed due to a lack of resources caused by Cyclone Ditva.
Accordingly, although the Ministry believed that the money had already been sent, the report indicates that someone had been requesting additional time from Australia.






