A bill in Kentucky aimed at regulating cryptocurrency service terminals (kiosks), HB380, has recently sparked widespread concern within the cryptocurrency community due to a newly added provision. This provision requires hardware wallet manufacturers to build in a secure credential reset function, allowing users to recover their accounts if they lose their mnemonic phrases or private keys. However, cryptocurrency experts argue that this requirement overlooks the fundamental principles of private keys as a core technological element, potentially undermining users' ability to self-custody their digital assets.
According to an amendment in Section 33 of the bill, hardware wallet manufacturers are mandated to provide reset options for all secure credentials. The initial intention behind this move was to help users regain access to their accounts if they misplace their recovery phrases or private keys. However, the Blockchain Industry Alliance (BPI) has strongly opposed this, warning that such a "backdoor" design would compromise the fundamental security safeguards of cryptocurrencies like Bitcoin and push users towards centralized custodial services vulnerable to hacking and system failures.
Joe Ciccolo, founder of BitAML, also pointed out that policymakers often struggle to understand the concept of "self-custody." He explained that, unlike traditional financial systems, there is no central authority in the cryptocurrency space to handle reset operations. He believes this amendment is more of a technical oversight than an intentional attempt to control the technology. He warned that this mandatory requirement could force fundamental redesigns of hardware wallets, thereby undermining the original intent of self-custody and potentially leading service providers to exit Kentucky.
Ciccolo emphasized that the bill aims to protect users who rely on self-custody for the security of their digital assets, yet the implementation of this provision could actually strip them of their most secure asset storage method. However, he also suggested that the cryptocurrency community and regulators should actively explore social recovery mechanisms and multi-signature security systems, which can enhance security without sacrificing decentralization.
He also called on cryptocurrency experts to actively communicate with policymakers, stressing the importance of protecting the autonomy and security of ordinary cryptocurrency users when proposals are based on a lack of technical understanding.
Meanwhile, state legislatures nationwide are increasingly focusing on cryptocurrency service terminals. Kentucky's HB380 bill is one strategy to curb fraud associated with physical terminals. However, in Minnesota, lawmakers are leaning towards a complete ban on cryptocurrency ATMs. Elderly residents in the state have suffered significant losses on these terminals, with police previously warning that seniors are often defrauded by scammers posing as tech support or government officials, leading to the loss of their life savings. In response, Representative Erin Koegel has introduced legislation seeking a complete ban on digital currency machines. Previously, Minnesota had attempted to regulate cryptocurrency ATM businesses by introducing frameworks like service provider licensing and setting new transaction limits of $2,000 per day.