In a move that has sparked widespread concern among cryptocurrency advocates, Kentucky’s House Bill 380 proposes a requirement that hardware wallet manufacturers build a ‘backdoor’ into their devices. This provision, added as a last-minute floor amendment, mandates that providers offer a mechanism to reset passwords, PINs, and seed phrases, effectively undermining the security and self-custody principles of cryptocurrencies.
A Last-Minute Amendment with Far-Reaching Implications
The amendment, introduced by state Representatives Aaron Thompson and Tom Smith, is tucked into Section 33 of the bill. It reads: ‘A hardware wallet provider shall provide a mechanism for, and assist any person who owns a hardware wallet that was provided by the provider with, resetting any password, PIN, seed phrase, or other similar information that is necessary to access the contents of the hardware wallet.’
The Bitcoin Policy Institute Sounds the Alarm
The Bitcoin Policy Institute (BPI) has been vocal in its opposition to the amendment, emphasizing that the requirement is technologically infeasible for non-custodial wallets. Hardware wallets are designed to ensure that no one, not even the manufacturer, can access or recover a user’s seed phrase. This design is a cornerstone of the security and privacy that cryptocurrencies offer.
“The mandate is technologically impossible for non-custodial wallets. Hardware wallets are specifically designed so that no one, including the manufacturer, can access or recover a user’s seed phrase,” BPI stated.
Threats to Self-Custody and User Privacy
The provisions in the bill also require identity verification checks for users requesting a password, seed phrase, or PIN reset from a hardware wallet manufacturer. This not only undermines the self-custody principle but also introduces significant privacy concerns. Self-custody is a fundamental aspect of cryptocurrencies, allowing users to maintain full control over their assets without relying on third parties.
BPI argues that such requirements could push users toward centralized custodians, which are more susceptible to hacks and business failures. Centralized services often become targets for cyberattacks, and the loss of funds in such scenarios can be catastrophic for users.
Regulatory Tensions and the Right to Self-Custody
The debate over self-custody is not unique to Kentucky. In November 2025, SEC Commissioner Hester Peirce reaffirmed the right to self-custody and financial privacy, stating that it is a foundational aspect of freedom. ‘Why should I have to be forced to go through someone else to hold my assets? It baffles me that in this country, which is so premised on freedom, that would even be an issue—of course, people can hold their own assets,’ Peirce said during an episode of the Rollup podcast.
SEC Chair Paul Atkins has also expressed support for self-custody, particularly in cases where intermediaries would impose financial or operational burdens on users. These regulatory tensions highlight the ongoing struggle between government oversight and the decentralized nature of cryptocurrencies.
Forward-Looking Insight
The Kentucky bill, if passed, could set a dangerous precedent for other states and jurisdictions. It underscores the need for continued advocacy and education to protect the principles of self-custody and user privacy. As the cryptocurrency ecosystem continues to evolve, it is crucial that policymakers understand the technological and philosophical underpinnings of these innovations to avoid enacting laws that could undermine the very benefits they seek to regulate.
About the Author
