Catenaa, Monday, March 23, 2026-A proposed Kentucky bill to regulate cryptocurrency kiosks, including crypto ATMs, has sparked sharp criticism from digital asset advocates after a late amendment that they say could effectively outlaw self‑custody wallets in the state.
House Bill 380, a 77‑page proposal primarily focused on licensing and oversight requirements for operators of virtual currency kiosks, recently passed the Kentucky House unanimously and is now under consideration in the Senate. But critics say a provision added near the end of the bill could undermine a core principle of cryptocurrency — individual control over private keys.
The amendment, Section 33 of the bill, would require hardware wallet providers to “provide a mechanism for, and assist any person” in resetting credentials — such as a password, PIN or seed phrase — needed to access a wallet. Supporters of self‑custody said that mandate is incompatible with how most non‑custodial wallets are architected.
Hardware wallets are designed so that device manufacturers do not store or know users’ private keys or seed phrases, meaning there is no way to assist with recovery without building structural backdoors.
The controversial language was first flagged by the Bitcoin Policy Institute, which warned that such a requirement would be “technologically impossible” for genuine non‑custodial wallets and that the provision could push users toward centralized custodial services instead.
Critics argue that forcing hardware wallet makers to build recovery mechanisms or face penalties could diminish the security guarantees that make self‑custody attractive in the first place, weakening protections that distinguish blockchain wallets from bank‑style accounts.
Conner Brown, the organization’s managing director, said Kentucky risked “suddenly … banning self‑custody” if the provision remains in the legislation, because compliant wallet providers would be unable to operate under the law without fundamentally altering how private key security works. The Block reached out to Brown for further comment.
House Bill 380 initially aimed to establish a comprehensive framework for virtual currency kiosks and crypto ATMs in the state.
Under the bill as passed by the House, kiosk operators would be required to apply for a license, maintain surety bonds or similar security, and comply with rules on recordkeeping, transaction limits, disclosures and consumer protection.
It also subjects kiosk operators to inspection, reporting and anti‑fraud measures and grants enforcement authority to Kentucky’s Department of Financial Institutions.
The bill’s task force and legislative sponsors said the goal is to curb scams, protect residents and hold unregulated operators accountable. Physical crypto kiosks have attracted scrutiny in several states amid reports of fraud, including cases where older residents were pressured into sending funds to criminals after interacting with unscrupulous operators.
Those concerns drove similar regulatory interest elsewhere, including proposals in Minnesota seeking to ban crypto ATM operations outright due to rising scams and ineffective safeguards.
Critics note that Section 33’s hardware wallet requirement appears to conflict with earlier Kentucky policy on digital assets. In March 2025, the state enacted House Bill 701, which explicitly protected the right of individuals to hold digital assets in self‑hosted wallets and retain independent control of private keys — a law widely seen as reinforcing the right to self‑custody.
The newer language in HB380 was seen by advocates as undermining that principle by imposing operational obligations impossible to meet by design.
That inconsistency has created confusion among industry observers and digital rights proponents, who argue that lawmakers should clarify the state’s stance on individual control of crypto assets.
Many crypto users choose non‑custodial hardware wallets precisely to keep their private keys out of the hands of centralized services.
Hardware wallets — standalone devices not continuously connected to the internet — are widely used to secure digital assets and minimize exposure to hacks or third‑party failures. Any requirement to build recovery systems could force manufacturers to store sensitive data or retake control of user wallets, creating new security vulnerabilities.
Tech security experts say that introducing backdoors or recovery mechanisms would weaken the encryption and trust models that underpin hardware wallets. Bitcoin and other major cryptocurrencies rely on private key cryptography, meaning that only the key holder should have access to funds — a feature considered essential for censorship resistance and digital sovereignty.
Opponents also argue the amendment could discourage innovation and market participation from wallet developers, who may simply elect not to offer products in the state to avoid compliance risks.
HB380 has passed the Kentucky House and awaits further consideration in the Senate. Lawmakers could revise or remove the hardware wallet clause before a final vote.
If the provision remains, critics warn it could chill the use of non‑custodial wallets in the state and push users toward centralized services that manage credentials on behalf of users — the very model many crypto proponents sought to avoid.
The debate in Kentucky reflects broader tensions in crypto regulation nationwide, where states and federal policymakers grapple with balancing consumer protection, fraud prevention and the preservation of individual autonomy over digital assets.
How Kentucky resolves this issue could influence similar discussions elsewhere as regulators refine their approaches to emerging digital finance technologies.
