Kentucky’s House Bill 380, already passed 85-0 in the state House, now faces criticism over a buried provision that experts say undermines cryptocurrency self-custody.
Section 33, added as a floor amendment, would force hardware wallet providers to offer mechanisms to reset user passwords, PINs, or seed phrases-requirements fundamentally incompatible with non-custodial crypto storage.
The Bitcoin Policy Institute (BPI) called the mandate “technologically impossible,” warning it would compel manufacturers to either redesign secure products or abandon the Kentucky market entirely.
Joe Ciccolo, Founder of BitAML, explained that unlike traditional finance, self-custody means no central authority can recover access credentials. “Most non-custodial providers would likely exit Kentucky rather than compromise their security model,” he said.
The provision contradicts Bitcoin’s core security architecture and could push users toward centralized custodians more vulnerable to hacks. BPI urged the Kentucky Senate to strip Section 33 before the bill advances.
HB 380 primarily regulates crypto ATMs with licensing rules and consumer disclosures-measures with broad support. But the wallet amendment, inserted without technical review, risks unintended consequences for digital asset owners seeking financial autonomy.
Ciccolo suggested safer alternatives like multi-signature setups or social recovery-methods that preserve decentralization while reducing user risk.