Missouri Targets CoinFlip With $1.83M Penalty Bid and Statewide Ban Amid Bitcoin ATM Scam Fears

The next fight over crypto consumer protection isn’t on-chain—it’s at the kiosk. Missouri Attorney General Catherine Hanaway has sued Bitcoin ATM operator CoinFlip, alleging the firm “knowingly facilitated fraudulent transactions” and profited through opaque, potentially predatory fees. The complaint seeks $1.83 million in penalties and an injunction to stop CoinFlip from operating in the state.

CoinFlip—already facing a major lawsuit in Iowa—rejected the claims as “meritless,” saying it runs robust safeguards and has long pushed for clear consumer protection rules for cryptocurrency kiosks. The company argues regulators should focus on “catching and stopping” the criminals who impersonate officials or tech workers to coerce victims into buying crypto. Hanaway, who likened Bitcoin ATMs to getaway cars for fraud, said she would “use every tool to flush out the cowardly scammers hiding behind screens and hold them accountable.”

The crux here isn’t whether scams exist—they do, and they’ve grown more aggressive—but where liability sits in a cash-to-crypto flow that is fast, irreversible, and happens in public retail settings. Missouri law enforcement says analysts flagged roughly 350 cases tied to these machines over the past two years. CoinFlip operates 140 kiosks in Missouri at locations like gas stations and vape shops, while the state hosts about 429 Bitcoin ATMs in total, per Coin ATM Radar. Several states are tightening the vise; Tennessee has gone as far as banning the machines outright.

The broader data are sobering. Americans reported $389 million in related losses last year, according to FBI figures. Scammers often exploit urgency and authority—one Massachusetts scheme threatened arrest for “missed jury duty”—and then route victims to the closest kiosk. Once funds convert to crypto, retrieval is nearly impossible.

Here’s the operational problem I keep coming back to: kiosk economics and consumer protection are currently misaligned. High, sometimes murky fee stacks and a business model optimized for speed can collide with safeguards that need friction to be effective. A best-in-class control stack typically includes ID verification, transaction monitoring, velocity caps, destination screening, geofences near high-risk locations, and mandatory “cooling-off” prompts that surface red flags in plain language. Many operators claim to use versions of these. Yet the rising case counts suggest the UX still lets coercion sail through.

Regulators are responding by shifting accountability up the stack. Whether that is fair depends on what an “objectively reasonable” kiosk program should block. If a victim is standing at a machine after a threatening call, should the software force a typed acknowledgment—“No one is telling me to do this, and I understand crypto transfers cannot be reversed”—and throttle first-time buys over a certain threshold? Should fee disclosures move from fine print to prominent, per-dollar callouts? These measures do not catch every scam, but they raise the cost of exploitation and set a clearer standard of care.

Business pressure is mounting. Just days before this suit, top competitor Bitcoin Depot filed for Chapter 11, citing “increased litigation costs” in an SEC filing, and shut down its network of over 9,000 machines. That signals a model under legal and financial strain. If states continue to push bans or heavy penalties, survivors will likely be those that treat compliance and education as product features, not checkboxes.

CoinFlip says it will defend itself in court. Missouri wants it out of the “Show Me State.” Between those poles sits the real test: can kiosk operators prove their controls, pricing clarity, and customer prompts are strong enough that, when scams slip through, the blame doesn’t shift from the fraudster to the hardware?