Kentucky Crypto ATM Bill Sparks Hardware Wallet Backlash Over 'Self-Custody Ban' Concerns

A Kentucky bill primarily designed to regulate cryptocurrency kiosks has drawn sharp criticism after a late-added amendment introduced provisions targeting hardware wallets, which industry advocates argue would effectively outlaw non-custodial self-custody in the state.

House Bill 380 (HB380), which has passed the House and is now under Senate review, includes Section 33 requiring hardware wallet providers to offer mechanisms for resetting user credentials such as passwords, PINs, or seed phrases. Critics contend the mandate is technologically impossible for non-custodial devices and would force manufacturers to build security-compromising “backdoors.”

Section 33 Provision and Industry Response

The ‘Technologically Impossible’ Mandate

Section 33 of HB380 requires hardware wallet providers to “provide a mechanism for, and assist any person who owns a hardware wallet that was provided by the provider with, resetting any password, PIN, seed phrase, or other similar information that is necessary to access the contents of the hardware wallet.” The provision also proposes identity verification checks for users requesting a reset from manufacturers.

Industry advocates argue this requirement fundamentally misunderstands how non-custodial wallets operate. These devices are specifically engineered so that no entity—including the manufacturer—can access or recover a user’s private keys or seed phrase. The Bitcoin Policy Institute warned that requiring such access would “break bitcoin’s core security guarantees,” as self-custody wallets are designed without backdoors or password reset functionality by their very nature.

Conflict with Existing State Law

The amendment places HB380 in direct tension with Kentucky’s previous legislative stance on digital assets. House Bill 701, enacted in March 2025, explicitly protects an individual’s right to “allow self-hosted wallet owners to retain independent control of secured digital assets and private keys.” Critics argue the new provision undermines this recently established protection, creating legal ambiguity and signaling potential regulatory confusion regarding non-custodial wallet mechanics.

Implications for Self-Custody

Threat to Security Architecture

The provision would dismantle the foundational security model of non-custodial hardware wallets, which rely on the principle that only the user possesses the means to access their funds. Mandating password or seed phrase reset capabilities would require manufacturers to maintain some form of access or recovery mechanism, fundamentally altering the security proposition of self-custody products.

Critics warn such requirements could inadvertently push users toward centralized custodians, which present different risk profiles including vulnerability to hacks, business failures, and regulatory pressure. The amendment effectively creates regulatory friction for the very tools designed to enable financial self-sovereignty.

Federal Support for Self-Custody

The Kentucky bill’s controversial provision emerges at a time when federal regulators have expressed support for self-custody rights. SEC Chair Paul Atkins has stated he is “in favor” of market participants having self-custody options, while Commissioner Hester Peirce has reaffirmed the right to self-custody and financial privacy as foundational principles. Peirce has questioned the logic of forced intermediation, stating it “baffles” her that in a country “premised on freedom,” holding one’s own assets would even be questioned.

Legislative Context and Future Outlook

Path Through Senate

HB380 has passed the Kentucky House and is currently under consideration in the state Senate. Lawmakers in the upper chamber retain the ability to revise or remove the contested amendment before any final vote. The bill’s sponsors, state Representatives Aaron Thompson and Tom Smith, have not publicly commented on the controversy surrounding Section 33.

Broader Regulatory Landscape

The scrutiny of crypto kiosks reflected in HB380 is part of a wider trend of states examining cryptocurrency ATMs more closely due to rising fraud concerns. In Minnesota, legislators have introduced a bill that would ban cryptocurrency kiosks outright following scams targeting elderly residents. Officials there argue existing safeguards including transaction limits and disclosures have proven insufficient to protect consumers.

According to AARP data, more than 30,000 crypto kiosks operate nationwide, with approximately 470 located in Kentucky at gas stations, supermarkets, vape shops, and liquor stores. FBI data shows Kentucky residents reported 132 crypto ATM fraud complaints totaling over $1 million in losses, with average losses for consumers aged 60 and older around $40,000.

Frequently Asked Questions

What does Section 33 of Kentucky’s HB380 require?

Section 33 mandates that hardware wallet providers must offer mechanisms to assist users in resetting access credentials, including passwords, PINs, or seed phrases necessary to access wallet contents. The provision also proposes identity verification requirements for users seeking such assistance from manufacturers.

Why do critics call this a “de facto ban on self-custody”?

Critics argue the requirement is technologically impossible for non-custodial wallets, which are specifically designed so that no entity—including the manufacturer—can access or recover private keys or seed phrases. Mandating such capabilities would require building security-compromising “backdoors” into the devices, effectively making true self-custody products illegal to use or operate in the state.

What is the current status of the bill?

HB380 has passed the Kentucky House of Representatives and is now under review by the state Senate. Lawmakers in the upper chamber have the opportunity to modify or remove the controversial hardware wallet amendment before any final vote.

Does this conflict with existing Kentucky law?

Yes. The amendment creates tension with House Bill 701, enacted in March 2025, which explicitly protects the rights of individuals to maintain independent control over their self-hosted wallets and private keys. The two provisions appear to send conflicting signals about the state’s stance on self-custody rights.