‘Follow the money’ is currently the central principle of international financial security, although money itself is probably one of the most unlikely objects to make traceable. Two recent scandals around a security unit and the payment processor Wirecard show how existing systems of financial surveillance that seek to capture ‘flows’ of money for security purposes are either enabled or frustrated. While this current regime of financial surveillance adheres to demanding the free flow of money through financial infrastructures and various actors and intermediaries, new digital currencies build on a set type of ledger(s) in which money is stored as data. Hence, what we understand as money does not ‘flow’, but is rather updated. This change in the underlying infrastructure means that traceability does not need to be enacted; it is an intrinsic feature of digital currencies. With new central bank digital currencies (CBDC), the regime of financial security thus changes from the monitoring of financial flows and flagging of (potentially) illicit transactions towards the storage of financial data in (de)centralised ledgers. This form of transactional governance is engendered by shifting geopolitical agendas that increasingly rely on fractured instead of globalised financial infrastructures, thus making CBDCs themselves subject to security efforts.