A clause added to the Bitcoin ATM bill would require hardware wallet manufacturers to provide credential recovery mechanisms.
Kentucky’s House Bill 380 (HB380), a 77-page proposal primarily focused on the regulation and licensing of Bitcoin ATM operators, has drawn sharp criticism from the community following the introduction of an amendment targeting hardware wallet providers. The bill has already passed the Kentucky House of Representatives and is currently under review in the Senate.
The contentious point is Section 33, added as an amendment to the bill’s text. It stipulates that a hardware wallet provider must “provide a mechanism and assist any person” in resetting wallet access credentials, including passwords, PINs, or seed phrases. For non-custodial wallets, however, this requirement is by definition unenforceable.
...read more at atlas21.com
🚀 Welcome to banks 2.0
I forgot my seed: No problem, we'll reset it for you
If you forgot your password, call us at 0800... 🤭
-> they want self-custody… with tech support
OP_RETURN
The technical problem with "credential recovery mechanisms" for hardware wallets is that it's architecturally impossible without destroying the security model entirely.
A hardware wallet's security property is that the seed never leaves the device in usable form. Any recovery mechanism requires either:
The legislators proposing this either don't understand the cryptography or don't care. "Recovery mechanism" sounds reasonable to a non-technical lawmaker. What it actually means is "the manufacturer must be capable of seizing your funds upon government request."
This is not a feature request. It's a ban on self-custody dressed up in regulatory language.