As sustained law enforcement crackdowns dismantle cybercrime compounds across Southeast Asia, international fraud syndicates have shifted their operations to Sri Lanka, transforming the island into an emerging base for sophisticated transnational scams. Once firmly entrenched in Cambodia, Myanmar, and Laos, these largely Chinese-run criminal organizations have adapted quickly, exploiting Sri Lanka’s comparatively relaxed visa-on-arrival policies, affordable luxury accommodation, reliable telecommunications infrastructure, and stable internet connectivity to rebuild their operations.

Investigators say the groups have abandoned the image of underground criminal networks in favor of sophisticated corporate facades designed to avoid suspicion. During a June 2026 raid in Colombo, authorities uncovered an extensive cache of forged corporate documents, including counterfeit legal certifications, fabricated U.S. Treasury records, and fraudulent company registrations. Some shell companies falsely claimed ownership of assets worth as much as US$10 billion, providing a convincing front for large-scale financial fraud.
Rather than operating from hidden locations, the syndicates have established themselves in luxury apartments, high-end hotels, and resort properties. One criminal network occupied eight floors of an upscale residential complex, while another converted an entire beachfront hotel into a technologically equipped scam center. These locations housed hundreds of laptops, mobile phones, dedicated SIM cards, and high-speed internet connections used to conduct scams targeting victims across North America, Europe, East Asia, and the Middle East.
The primary criminal activities involve so-called “pig butchering” investment scams, in which victims are manipulated into making fraudulent cryptocurrency investments through long-term online relationships. Telecom impersonation schemes, posing as government agencies or financial institutions, also remain a significant source of illicit revenue.
Sri Lankan authorities, supported by Military Intelligence and the Department of Immigration and Emigration, have intensified enforcement throughout 2026. By mid-year, more than 700 foreign nationals had been arrested in a series of coordinated operations.
In March, a joint operation targeting five guest houses in Anuradhapura and Mihintale led to the arrest of 134 foreign nationals, including 126 Chinese nationals. April saw another major raid in Chilaw, where police dismantled a cybercrime operation based inside a beachfront hotel, arresting 152 predominantly Chinese suspects.

Operations intensified further in May. Authorities arrested 120 foreign nationals from a multi-storey apartment complex in Rajagiriya, seizing hundreds of electronic devices. A subsequent raid in Talangama resulted in 37 additional arrests and the confiscation of nearly 150 mobile phones and 100 scam-specific SIM cards. A broader crackdown across Galle, Hikkaduwa, and Midigama led to the arrest of 221 suspects, mostly Indian and Nepalese nationals, highlighting the syndicates’ increasingly multinational recruitment strategy.
In June, investigators raided apartments in Kiribathgoda and Kollupitiya, arresting 19 suspects accused of using forged American corporate registrations to facilitate international financial fraud.
Authorities have also faced significant operational challenges. In April, dozens of detained suspects escaped from the temporary Welisara Detention Centre. Within weeks, police rearrested 30 fugitives after discovering they had leased a luxury commercial building for Rs. 1.5 million per month, installed high-speed communications equipment, and resumed scam operations despite lacking valid travel documents.
The growing threat has attracted international attention. The Chinese Embassy in Colombo has publicly acknowledged that Chinese telecom fraud networks have relocated to Sri Lanka to evade intensified regional enforcement, pledging intelligence support to assist local authorities with investigations, deportations, and prosecutions.
Investigators are now examining whether these syndicates have expanded beyond consumer fraud into attacks on critical institutions. Among the cases under scrutiny is a sophisticated cyberattack on Sri Lanka’s Treasury that reportedly caused losses estimated at US$2.5 million. If confirmed, the incident would mark a significant escalation, suggesting that criminal organizations once focused on online investment scams are now capable of targeting national financial systems, elevating the threat from organized fraud to a matter of economic and national security



