The Bank of Canada’s research on a central bank digital currency (CBDC) highlights privacy vulnerabilities in cryptographic techniques like zero-knowledge proofs, which are immature and complex, potentially masking flaws. These methods lack scalability for national use and have limited deployments that comply with KYC/AML regulations. Centralized or permissioned distributed ledger technologies (DLTs) risk confidentiality, with node interconnections and consensus mechanisms susceptible to collusion or impersonation. Back-door access for regulatory compliance could be exploited, compromising user data. Public trust may erode without third-party audits. Privacy-preserving designs reduce cyberattack risks but face challenges balancing transparency for regulators with user anonymity, especially under legal frameworks requiring transaction monitoring.