Kentucky's effort to crack down on Bitcoin ATM fraud has unexpectedly swept hardware wallet providers into the same regulatory net, raising questions about whether a consumer-protection bill could reshape self-custody obligations across the crypto industry.
House Bill 380, titled "AN ACT relating to the regulation of digital asset business," passed the Kentucky House 85-0 on March 13, 2026, and was sent to the Senate Committee on Committees three days later. The bill's core provisions target virtual currency kiosks with licensing requirements, transaction limits, fraud-prevention disclosures, and refund procedures.
But a late-stage addition, House Floor Amendment 3, expanded the bill's reach well beyond kiosk operators. The amendment defines "hardware wallet provider" as a distinct category and imposes customer-service and recovery-assistance duties on those providers.
Why Kentucky Lawmakers Targeted Bitcoin ATMs
Bitcoin ATMs, sometimes called crypto kiosks, let users buy or sell cryptocurrency at physical terminals, often found in gas stations and convenience stores. They have become a preferred tool for scammers who coach victims, frequently older adults, into depositing thousands of dollars in a single session.
FBI data cited by AARP shows Americans reported $247 million in crypto ATM-related fraud in 2024. People over 60 accounted for 86% of known-age losses that year.
Kentucky lawmaker Daniel Roe framed the problem in practical terms: "If someone wanted to deposit $22,000 into a crypto ATM at a gas station, they could do that today." HB 380 would cap daily kiosk transactions at $2,000, require clearer disclosures, and give the state enforcement tools against non-compliant operators.
Gary Adkins, describing the scam dynamic, noted that "criminals will stay on the phone with their victims, directing them step-by-step as they're putting thousands of dollars into these machines." That pattern of guided exploitation is what drove the bill's anti-fraud provisions, similar to what the FBI has warned about in TRON wallet scam operations targeting crypto users nationally.
TLDR Keypoints
- Kentucky HB 380 targets Bitcoin ATM fraud with licensing, $2,000 daily caps, and disclosure rules.
- A late amendment pulled hardware wallet providers into the same bill, requiring them to offer live customer service and help users recover seed phrases or PINs.
- The bill passed the House unanimously and is now before the Kentucky Senate.
How Hardware Wallet Providers Got Pulled Into the Same Bill
Hardware wallets are physical devices, made by companies like Ledger and Trezor, that store private keys offline. They are built around a core principle: the user, and only the user, controls access to their funds. That self-custody model is the point.
House Floor Amendment 3 introduces obligations that cut against that design. Under the amendment's text, hardware wallet providers must offer live customer service and provide "a mechanism to help a user reset a password, PIN, seed phrase, or similar information necessary to access the wallet contents."
That language creates a fundamental tension. A hardware wallet provider that can help reset a seed phrase would, by definition, need some form of access to or recovery path for that phrase. Most non-custodial wallet architectures are specifically designed so the manufacturer never has that capability, a stance that aligns with ongoing federal debates over crypto custody and consumer protection.
The enforcement mechanism is not trivial. Violations of the hardware-wallet section would be treated as unfair or deceptive trade practices under KRS 367.170, with the Kentucky Attorney General authorized to issue regulations and pursue enforcement actions.
The mismatch between the bill's ATM-focused intent and its hardware-wallet provisions is notable. Bitcoin ATM operators are custodial businesses that handle customer funds directly. Hardware wallet makers sell a product, then the user manages their own keys. Applying the same consumer-protection framework to both treats fundamentally different business models as if they carry the same obligations.
A Policy Contradiction Kentucky Has Not Resolved
Kentucky's own recent legislative history complicates the picture. In 2025, the state enacted HB 701, a bill that explicitly allowed individuals to use digital assets and self-hosted wallets. That law positioned Kentucky as supportive of personal crypto custody.
HB 380's hardware-wallet amendment appears to move in the opposite direction, imposing provider-assisted recovery expectations on devices whose entire value proposition is that no third party can access the user's keys. The state has not publicly addressed how these two laws would coexist, a tension that mirrors broader regulatory uncertainty affecting crypto markets at both state and federal levels.
No retrieved public statements from hardware wallet manufacturers respond directly to the Kentucky bill. The official record confirms the amendment text but does not include sponsor remarks explaining why hardware wallet providers were added or which companies the provision targets.
What Comes Next for Kentucky and the Wider Industry
HB 380 is not law yet. It sits before the Kentucky Senate Committee on Committees as of March 16, 2026. If the Senate passes it without stripping the hardware-wallet language, Kentucky would become one of the first states to impose recovery-assistance mandates on non-custodial wallet providers.
The practical consequences could push hardware wallet companies to limit sales or services in Kentucky rather than redesign their security architecture to comply. Compliance costs, including live customer-service infrastructure and legally defensible recovery mechanisms, could be disproportionate for a single-state market.
Other states watching Kentucky's approach may adopt similar frameworks. State-level crypto regulation often works as a template: one legislature passes a bill, and lobbyists or consumer-protection advocates carry the model to the next statehouse. If HB 380's hardware-wallet provision survives the Senate, it could become a reference point for regulators in states that have not yet addressed the question of where self-custody rights end and consumer-protection duties begin.
The Kentucky Senate's handling of Amendment 3 will signal whether lawmakers see the hardware-wallet language as an intentional policy choice or an overreach that needs trimming before the bill reaches the governor's desk.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.