At a Glance
- California DFPI fined LSGT Services, LLC dba Coinhub a $675,000 administrative penalty plus $105,000 in consumer restitution under the Digital Financial Assets Law (DFAL). Order signed by CEO Logan Short on October 22, 2025.
- The order specifically cites transactions exceeding $10,000 — ten times the statutory $1,000 daily limit — conducted for customers over 60 years of age. Coinhub attributed the limit breach to "software error," since corrected.
- The order quotes FinCEN guidance warning that "people aged 60 and over were more than three times as likely as younger adults to report a loss using a [crypto] kiosk."
- This is Coinhub's third state consent order under NMLS #2344713 — following Connecticut (October 2023) and Minnesota (May 2025). Our Coinhub trust rating has been lowered from A+ to B.
The California Department of Financial Protection and Innovation (DFPI) has fined LSGT Services, LLC — the Las Vegas-based operator of the Coinhub, Cash2Bitcoin, and "Lowest Fee Bitcoin ATMs" brands — a total of $780,000 ($675,000 administrative penalty plus $105,000 in consumer restitution) under a consent order executed October 22, 2025 and made public by the Commissioner of Financial Protection and Innovation on October 30, 2025. CEO Logan Short signed on behalf of LSGT Services.
Four Findings Under the Digital Financial Assets Law
The DFPI's consent order documents four separate findings of violation of California's Digital Financial Assets Law (DFAL), enacted in 2023 specifically to regulate Bitcoin ATM kiosks, and the California Consumer Financial Protection Law (CCFPL):
Finding 1 — DFAL § 3902 ($1,000 daily limit). Since January 1, 2024, on multiple occasions, Coinhub kiosks in California accepted more than $1,000 per day from customers with the same name. The order states: "Many of these transactions exceeded $10,000 — more than ten times the daily limit — and were conducted for customers over 60 years of age." Coinhub represents the breach was due to a software error, since corrected.
Finding 2 — DFAL § 3904 (15% fee cap). For a limited period after January 1, 2025, Coinhub processed transactions in which it charged customers more than the allowable fees.
Finding 3 — DFAL § 3905(a) (pre-transaction disclosures). Coinhub processed transactions without providing customers the required written pre-transaction disclosure covering asset amount, fees, and the reference exchange price.
Finding 4 — DFAL § 3905(b)(3), (8) (receipt contents). Coinhub receipts printed without the name of the operator or the name of the digital financial asset exchange used to calculate the spread charged to customers.
The Elder-Harm Framing
What distinguishes this order from the routine licensing matters that have dominated state enforcement against Bitcoin ATM operators is the DFPI's explicit invocation of elder-harm. In the recitals, the Commissioner cites an August 4, 2025 guidance from the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) warning that "the speed and difficulty of reversing [crypto] transactions makes [crypto] an attractive payment mechanism for scammers," and quotes FinCEN's finding that
"people aged 60 and over were more than three times as likely as younger adults to report a loss using a [crypto] kiosk. More than two of every three dollars reported lost to fraud using [crypto] kiosks was lost by an older adult."
This is the regulator taking the bright-line limit in DFAL § 3902 — $1,000 per day — and linking it to the population the statute was written to protect. In that framing, a software error permitting $10,000+ transactions for customers aged 60+ is not an administrative foot-fault; it is the specific failure the statute was designed to prevent.
The Third Consent Order Under NMLS #2344713
California is the third state to bring a consent order against Coinhub (NMLS #2344713) in three years:
- Connecticut — Order – Consent, October 3, 2023. Connecticut Department of Banking. Resolved.
- Minnesota — Order – Consent Order, May 2, 2025 (NMLS Docket 91320/JPH). Minnesota Department of Commerce. Resolved.
- California — Consent Order, October 22, 2025. California DFPI. $675K + $105K restitution. Resolved.
All three appear on NMLS Consumer Access as Regulatory Actions associated with LSGT Services' money transmitter license. Taken together, they constitute a pattern — not a software glitch. A company that has accepted three consent orders across three different state statutory schemes in three years has, at minimum, a persistent gap between its internal controls and the laws of the states it operates in.
Multi-Brand Exposure
The enforcement picture widens considerably when you look at the full LSGT portfolio. In late 2025, LSGT acquired Cash2Bitcoin from Digital Access, LLC — a brand that carried three resolved consent orders of its own (Alabama 2022, Connecticut 2025, Minnesota 2025) under its prior operator. The Cash2Bitcoin Minnesota order was signed October 29, 2025 — seven days after LSGT signed the California order. Between LSGT's three Coinhub orders and Digital Access's three Cash2Bitcoin orders, the entity now operating both brands is sitting on six resolved state consent orders across five states, with combined penalties approaching $755,000 (not counting restitution).
That is the context in which bitcoinatm.news has today lowered the Coinhub trust rating from A+ to B. The score formerly benefited from LSGT's limited known enforcement footprint; with three NMLS adverse actions now properly counted — and with the California elder-harm finding treated as a consumer-harm complaint under our methodology — the math no longer supports an excellent grade.
What It Means
For customers: The consent order's Desist and Refrain Order, issued under Cal. Fin. Code § 90015(d)(1), requires Coinhub to operate its California kiosks in full compliance with DFAL going forward. Daily transaction limits should now hold at $1,000, fees should be capped at 15% or $5 (whichever is greater), and receipts should name the operator and the exchange used to calculate the spread. If you encounter a California Coinhub kiosk that accepts more than $1,000 from you on a given day, or charges more than 15%, that is a reportable violation.
For hosts: LSGT is under active compliance monitoring in California for one year from the effective date, with 60-day reports to the DFPI. Non-compliance triggers the full penalty immediately plus potential license action. Hosts with Coinhub kiosks in California should expect a higher-compliance-scrutiny operating posture from the operator in the near term.
For the industry: The California DFAL remains the most aggressive state kiosk statute in the country — a $1,000 daily cap, a 15% fee ceiling, pre-transaction disclosures, and itemized receipts. The DFPI has now demonstrated willingness to enforce it with penalties at the upper end of Bitcoin ATM state actions to date. Operators in states drafting similar legislation should assume California-style consequences are the forward-looking floor, not the ceiling.