The Bitcoin Policy Institute (BPI) has issued a stark warning over a last-minute amendment to Kentucky House Bill 380, a state-level cryptocurrency regulatory bill. The amendment, Section 33, mandates that hardware wallet manufacturers provide a mechanism to reset or recover a user's password, PIN, or seed phrase—a requirement the BPI labels a "technologically impossible" backdoor that threatens the foundational principle of self-custody.
The provision, added as a floor amendment, states: "A hardware wallet provider shall provide a mechanism for, and assist any person who owns a hardware wallet that was provided by the provider with, resetting any password, PIN, seed phrase, or other similar information that is necessary to access the contents of the hardware wallet." The bill's sponsors are state Representatives Aaron Thompson and Tom Smith.
BPI argues this mandate fundamentally breaks the security model of non-custodial wallets, which are designed so that no one, including the manufacturer, can access a user's private keys. Complying would force a redesign that centralizes key storage, effectively pushing users toward custodial services more susceptible to hacks and failures. The bill also proposes identity verification for users requesting such resets.
With the underlying bill having significant political backing, it is expected to move to the Kentucky Senate for a final vote soon. In response, the BPI is mobilizing opposition, sending a formal letter to the Senate urging the removal of Section 33, arguing it operates as a de facto ban on secure hardware wallets in the state.
The news comes as SEC officials, including Chair Paul Atkins and Commissioner Hester Peirce, have publicly defended the right to self-custody, highlighting a growing regulatory tension over user control of digital assets.
