A 77-page Kentucky bill designed to regulate crypto ATMs passed the state House 85-0 on March 13. Buried inside it is a provision that could reshape how hardware wallets work in the United States.
Section 33 of House Bill 380, added as a last-minute floor amendment, requires any hardware wallet provider to "provide a mechanism for, and assist any person who owns a hardware wallet that was provided by the provider with, resetting any password, PIN, seed phrase, or other similar information that is necessary to access the contents of the hardware wallet."
The bill now sits in the Kentucky Senate. The legislative session ends April 15.
What the Amendment Actually Requires
HB 380 started as a consumer protection bill targeting crypto kiosks. The FBI reported 10,956 crypto kiosk complaints in 2024, resulting in $246.7 million in losses, a 31% increase from 2023. Seniors over 60 accounted for roughly $107.2 million of that total.
The bill's core provisions are reasonable: $2,000 daily transaction caps on crypto ATMs, 72-hour cancellation windows, and fee limits. State Representatives Aaron Thompson and Tom Smith sponsored the measure.
But House Floor Amendment 3 tacked on Section 33, which extended the bill's reach from crypto kiosks to hardware wallets. The provision requires wallet providers to offer live customer service and help customers recover access credentials, including seed phrases.
The language also mandates identity verification checks before any reset request is processed.
Why the Crypto Industry Says This Is Impossible
The Bitcoin Policy Institute responded on March 20 with a letter to the Kentucky Senate urging removal of Section 33. Conner Brown, BPI's Managing Director, said bluntly: "Kentucky is suddenly about to ban self-custody."
BPI's core argument: hardware wallets are "specifically designed so that no one, including the manufacturer, can access or recover a user's seed phrase." The seed phrase is generated on the device and never transmitted. That is the entire security model.
Compliance would require wallet makers to either store seed phrases on their own servers or build a remote reconstruction mechanism. Both options create exactly the kind of centralized attack surface that hardware wallets exist to eliminate.
Joe Ciccolo, founder and president of compliance firm BitAML, called the provision "far more indicative of a misunderstanding than deliberate control." He warned that most non-custodial wallet providers would "exit the market altogether" rather than compromise their security architecture.
Kentucky's Own Law Contradicts the Amendment
This is where the story gets unusual. Kentucky already passed HB 701 in March 2025, which Governor Andy Beshear signed into law. That bill explicitly defined hardware wallets as devices where users "retain independent control of private keys offline" and protected the right to use them.
HB 380's Section 33 directly contradicts HB 701. One law protects self-custody. The other would require a backdoor that makes self-custody impossible.
The 85-0 House vote suggests most legislators did not understand what Section 33 does. A 77-page bill with a last-minute floor amendment on a technical subject is easy to miss, particularly when the bill's headline purpose, crypto ATM consumer protection, is genuinely popular.
What Happens Next
The bill arrived in the Kentucky Senate on March 16 and was referred to the Committee on Committees. BPI and other industry groups are pressing the Senate to strip Section 33 before any floor vote.
The federal regulatory picture adds an unusual backdrop. SEC Chair Paul Atkins has publicly supported market participants having self-custody options. Commissioner Hester Peirce, who heads the SEC's crypto task force, reaffirmed in November 2025 that self-custody and financial privacy are "foundational to freedom."
If Kentucky passes HB 380 with Section 33 intact, it would create a direct conflict between state law and the SEC's stated policy direction. It would also contradict Kentucky's own HB 701 from last year.
The legislative session deadline is April 15, 2026. If the Senate does not act before then, the bill dies.
The Broader Stakes
Kentucky is not the only state where crypto legislation is moving fast. But this particular amendment matters because it tests whether a state can effectively mandate backdoor access to self-custody wallets through consumer protection framing.
Hardware wallet makers like Ledger, Trezor, and Tangem would face an impossible choice: comply by fundamentally breaking their security model, or stop selling in Kentucky. Neither outcome protects consumers.
The irony is that the bill's ATM provisions, transaction caps, cancellation windows, and fee limits, would genuinely help the seniors losing hundreds of millions to kiosk scams. Section 33 just happened to get attached to a bill that nobody voted against.
Overview
Kentucky House Bill 380 passed the state House 85-0 on March 13, carrying a buried amendment (Section 33) that requires hardware wallet providers to help users reset seed phrases and passwords. The Bitcoin Policy Institute says compliance is "technologically impossible" without creating a cryptographic backdoor. The bill contradicts Kentucky's own HB 701, which protects self-custody rights. It now sits in the Kentucky Senate with an April 15 session deadline. Industry groups are lobbying to strip Section 33 before any floor vote.
