A state-level crypto regulatory bill introduced in Kentucky includes provisions that would force hardware wallet manufacturers to build a “backdoor” into devices, according to the Bitcoin Policy Institute.
- Kentucky House Bill 380 proposes requiring hardware wallet providers to enable recovery of seed phrases, raising concerns over potential backdoor access.
- Bitcoin Policy Institute says the requirement is technically unworkable for non-custodial wallets and could undermine self custody of private keys.
Kentucky House Bill 380 has been amended at the last minute to require manufacturers to provide recovery options for users’ seed phrases, the BPI said.
The bill was introduced by state Representatives Aaron Thompson and Tom Smith.
According to the bill’s official language, providers “shall provide a mechanism for and assist any person who owns a hardware wallet” in resetting any “password, PIN, seed phrase, or other similar information that is necessary to access the contents of the hardware wallet.”
There are also identity verification requirements for users requesting password, seed phrase, or PIN resets from manufacturers.
The BPI says this is “technologically impossible for non custodial wallets” and adds that no one “can access or recover a user’s seed phrase.”
It is a threat to self-custody, which the group warns could push users toward centralized custody options that do not offer the same level of control.
“Kentucky legislators should be protecting their constituents’ right to secure their own property. We urge the Senate to strip this provision before the bill reaches a vote,” the BPI added.
Concerns around self-custody
Self-custody remains a debated topic. Crypto proponents argue that it is a fundamental right.
Some regulators agree. For instance, U.S. SEC Chair Paul Atkins said he is “in favor” of self-custody options in cases where intermediaries impose a financial or operational burden on the user.
Meanwhile, California’s Banking and Finance Committee chair Avelino Valencia amended a bill and added provisions that protect a user’s self-custody rights.
However, last year, the SEC issued a warning to retail investors about crypto custody risks and urged users to carefully weigh the trade-offs between managing their own wallets and relying on third-party custodians.
The agency noted that losing a private key would result in permanent loss of access to crypto assets, while also cautioning that custodial services carry their own risks, including hacks, misuse, or insolvency that could leave users unable to access their funds.
