Topic: Understanding the Model
Core Concept
What is BUNKEROID?
BUNKEROID is a physical, modular system for managing access to information.
It is about controlling who knows what, when, and under what conditions.
What do we mean by “information”?
- seed
- part of a seed
- PIN
- date
- passphrase
- instructions
or a combination of data that individually has no value, but together does.
Information stored in BUNKEROID does not have to be secret.
What is secret is its structure and meaning.
BUNKEROID operates on the principles of:
- knowledge separation
- epistemic boundaries (who is allowed to know what)
- controlled reconstruction
Individual parts are:
- physically separated
- harmless on their own
- often meaningless without context
Who does it make sense for?
For individuals and organizations that:
- manage risk related to information, assets, or coins
- do not want a single point of failure
- need to work with multiple people, roles, or scenarios
- want to remain offline, sovereign, and without a third party
BUNKEROID can also function as a simple information carrier, such as a SEED.
However, this is only the lowest level of use.
Its real value lies in enabling the design of who knows what – not merely where something is written down.
BUNKEROID does not protect a secret.
BUNKEROID manages knowledge – who can access which secret.
It is about controlling who knows what, when, and under what conditions.
What do we mean by “information”?
- seed
- part of a seed
- PIN
- date
- passphrase
- instructions
or a combination of data that individually has no value, but together does.
Information stored in BUNKEROID does not have to be secret.
What is secret is its structure and meaning.
BUNKEROID operates on the principles of:
- knowledge separation
- epistemic boundaries (who is allowed to know what)
- controlled reconstruction
Individual parts are:
- physically separated
- harmless on their own
- often meaningless without context
Who does it make sense for?
For individuals and organizations that:
- manage risk related to information, assets, or coins
- do not want a single point of failure
- need to work with multiple people, roles, or scenarios
- want to remain offline, sovereign, and without a third party
BUNKEROID can also function as a simple information carrier, such as a SEED.
However, this is only the lowest level of use.
Its real value lies in enabling the design of who knows what – not merely where something is written down.
BUNKEROID does not protect a secret.
BUNKEROID manages knowledge – who can access which secret.
Is BUNKEROID restricted to BIP39 word lists?
No.
BUNKEROID is not tied to any specific standard, word list, or protocol.
It is not a "BIP39 device." It is a physical system for organizing text segments according to rules defined by the user.
You can use:
BIP39 words
numeric indexes
alphanumeric strings
custom texts
combinations of the above
BUNKEROID does not know the meaning of the stored text.
It does not work with context, only with physical structure.
What is a "seed," "passphrase," "PIN," or "just noise" is not determined by the manufacturer.
It is determined by the user.
The system is designed to work without knowledge of the content.
Therefore, it is not limited to BIP39 – or even cryptocurrencies.
It is a knowledge management tool, not an implementation of a specific standard.
Translated with DeepL.com (free version)
BUNKEROID is not tied to any specific standard, word list, or protocol.
It is not a "BIP39 device." It is a physical system for organizing text segments according to rules defined by the user.
You can use:
BIP39 words
numeric indexes
alphanumeric strings
custom texts
combinations of the above
BUNKEROID does not know the meaning of the stored text.
It does not work with context, only with physical structure.
What is a "seed," "passphrase," "PIN," or "just noise" is not determined by the manufacturer.
It is determined by the user.
The system is designed to work without knowledge of the content.
Therefore, it is not limited to BIP39 – or even cryptocurrencies.
It is a knowledge management tool, not an implementation of a specific standard.
Translated with DeepL.com (free version)
Where did the 60-word concept come from?
The idea behind BUNKEROID and the 60-word concept did not arise from the question “how many words does a seed have”,
but from the question:
How do you design a physical system that works without knowing the content and without requiring trust in the manufacturer?
60 words are neither a security minimum nor a compromise.
They are a structural optimum.
BUNKEROID does not need to know – and must not know – how many of these words the customer actually uses to assemble a SEED.
The remaining words are not “extra”.
They are working space.
What does this space enable?
Thanks to the 25-position matrix on the other side of BUNKEROID, the user can assemble a completely random informational matrix of text strings,
which they read according to their own logic, direction, and number of segments, aligned with their natural requirements.
This allows the creation of multiple passphrases assigned to situations, organizations, or people at the user’s discretion.
For an external observer, it is extremely difficult – if not impossible – to distinguish what is real and what is merely a protective information layer.
Even if someone sees the entire BUNKEROID, knows part of the data, or physically holds it,
without knowledge of the structure they cannot determine the correct combination.
From an attacker’s perspective, the content is nondeterministic.
60 words are not about memory.
They are about controlling meaning in chaos.
but from the question:
How do you design a physical system that works without knowing the content and without requiring trust in the manufacturer?
60 words are neither a security minimum nor a compromise.
They are a structural optimum.
BUNKEROID does not need to know – and must not know – how many of these words the customer actually uses to assemble a SEED.
The remaining words are not “extra”.
They are working space.
What does this space enable?
Thanks to the 25-position matrix on the other side of BUNKEROID, the user can assemble a completely random informational matrix of text strings,
which they read according to their own logic, direction, and number of segments, aligned with their natural requirements.
This allows the creation of multiple passphrases assigned to situations, organizations, or people at the user’s discretion.
For an external observer, it is extremely difficult – if not impossible – to distinguish what is real and what is merely a protective information layer.
Even if someone sees the entire BUNKEROID, knows part of the data, or physically holds it,
without knowledge of the structure they cannot determine the correct combination.
From an attacker’s perspective, the content is nondeterministic.
60 words are not about memory.
They are about controlling meaning in chaos.
Is BUNKEROID only for Bitcoin?
No.
BUNKEROID does not know what Bitcoin is.
It does not know what a seed, wallet, or blockchain is.
It works with text segments.
That's all.
You can use it for:
Bitcoin, Other cryptocurrencies, Shamir schemes, passwords, access data, internal company codes,
or any system where it is necessary to manage the structure of information
BUNKEROID is not a crypto product.
It is a physical tool for knowledge management.
Bitcoin is just one of the possible use cases,but we like BUTCOIN and the product is based on its ideas.
The system is universal.
The meaning is defined by the user.
Translated with DeepL.com (free version)
BUNKEROID does not know what Bitcoin is.
It does not know what a seed, wallet, or blockchain is.
It works with text segments.
That's all.
You can use it for:
Bitcoin, Other cryptocurrencies, Shamir schemes, passwords, access data, internal company codes,
or any system where it is necessary to manage the structure of information
BUNKEROID is not a crypto product.
It is a physical tool for knowledge management.
Bitcoin is just one of the possible use cases,but we like BUTCOIN and the product is based on its ideas.
The system is universal.
The meaning is defined by the user.
Translated with DeepL.com (free version)
Do I have to store a seed in BUNKEROID?
Not only.
BUNKEROID does not require you to store your seed in it.
The seed is just one of many possible types of information.
You can use it for: part of the seed, passphrase, PINs, combination of data,
or a completely different information structure
BUNKEROID is not just a "seed backup device."
It is a system for managing access to information.
The seed can be:
split
supplemented with a passphrase
combined with the Shamir scheme
or even publicly known without losing control
The information itself is not decisive.
What matters is the structure and rules of reconstruction.
BUNKEROID does not deal with what you store.
It deals with who knows what – and under what conditions.
BUNKEROID does not require you to store your seed in it.
The seed is just one of many possible types of information.
You can use it for: part of the seed, passphrase, PINs, combination of data,
or a completely different information structure
BUNKEROID is not just a "seed backup device."
It is a system for managing access to information.
The seed can be:
split
supplemented with a passphrase
combined with the Shamir scheme
or even publicly known without losing control
The information itself is not decisive.
What matters is the structure and rules of reconstruction.
BUNKEROID does not deal with what you store.
It deals with who knows what – and under what conditions.
Is BUNKEROID a security product or an organizational tool?
It is an organizational tool.
Security is a consequence of proper structure, not a property of metal.
BUNKEROID does not actively "protect" anyone.
It does not encrypt, block, or track.
It organizes information so that:
- there is no single point of failure
- no one has complete knowledge without rules
- reconstruction requires structure, not chance
If the architecture is designed correctly, the result is a high level of security.
If it is designed poorly, even the most expensive material will not help.
BUNKEROID is therefore not a "security device."
It is a physical tool for knowledge management.
Security comes from design.
Not from marketing labels
Security is a consequence of proper structure, not a property of metal.
BUNKEROID does not actively "protect" anyone.
It does not encrypt, block, or track.
It organizes information so that:
- there is no single point of failure
- no one has complete knowledge without rules
- reconstruction requires structure, not chance
If the architecture is designed correctly, the result is a high level of security.
If it is designed poorly, even the most expensive material will not help.
BUNKEROID is therefore not a "security device."
It is a physical tool for knowledge management.
Security comes from design.
Not from marketing labels
If someone finds the entire BUNKEROID, what can they actually discover?
It depends on the architecture designed by the user.
BUNKEROID itself does not "reveal" anything.
It only contains text segments without context.
If someone holds the entire BUNKEROID in their hand, they can see:
individual words or strings
their physical layout
the position matrix
However, this does not mean that they know:
which segments are relevant
in what order they are read
which combinations are valid
what is real data and what is a protective layer
Without knowledge of the reconstruction rules, the content is non-deterministic.
An attacker may have the material.
However, it is meaningless.
If the architecture is designed correctly (passphrase, Shamir, knowledge sharing), simply finding the device is not enough to reconstruct critical data.
BUNKEROID does not assume that no one will ever see it.
It assumes that meaning is not stored in the object, but in the structure
BUNKEROID itself does not "reveal" anything.
It only contains text segments without context.
If someone holds the entire BUNKEROID in their hand, they can see:
individual words or strings
their physical layout
the position matrix
However, this does not mean that they know:
which segments are relevant
in what order they are read
which combinations are valid
what is real data and what is a protective layer
Without knowledge of the reconstruction rules, the content is non-deterministic.
An attacker may have the material.
However, it is meaningless.
If the architecture is designed correctly (passphrase, Shamir, knowledge sharing), simply finding the device is not enough to reconstruct critical data.
BUNKEROID does not assume that no one will ever see it.
It assumes that meaning is not stored in the object, but in the structure
Why is an ordinary metal plate not enough?
Because metal does not address structure.
A standard metal plate preserves text.
However, it cannot control meaning, order, or access.
If someone finds a classic "seed plate," they have everything.
It is a single object. A single point of failure.
Resistance to fire or water does not address:
who has access
who knows the entire text
how the information is reconstructed
what is real and what is a protective layer
A standard plate is a passive storage device.
BUNKEROID is architecture.
It does not work on the assumption that no one will ever see the object.
It works on the assumption that meaning is not stored in one place.
Metal can survive a fire.
But if it contains complete knowledge, it has failed.
Without structure, even the hardest material is just expensive paper.
A standard metal plate preserves text.
However, it cannot control meaning, order, or access.
If someone finds a classic "seed plate," they have everything.
It is a single object. A single point of failure.
Resistance to fire or water does not address:
who has access
who knows the entire text
how the information is reconstructed
what is real and what is a protective layer
A standard plate is a passive storage device.
BUNKEROID is architecture.
It does not work on the assumption that no one will ever see the object.
It works on the assumption that meaning is not stored in one place.
Metal can survive a fire.
But if it contains complete knowledge, it has failed.
Without structure, even the hardest material is just expensive paper.
Is security about hiding or about access control?
Security is not about hiding.
Hiding is fragile.
All it takes is chance, accident, or curiosity—and the secret is revealed.
True security is about controlling access.
It's not about making sure no one ever finds the object.
It's about making sure that finding it is not enough.
Hiding works with the illusion of invisibility.
Access control works with structure.
If information is stored as a single entity, it must remain hidden.
If it is divided, structured, and bound by reconstruction rules, it can be visible – and still secure.
BUNKEROID is built on the second principle.
It does not protect by disappearing.
It protects by making meaning inaccessible.
Security is a question of architecture, not a secret hiding place.
Hiding is fragile.
All it takes is chance, accident, or curiosity—and the secret is revealed.
True security is about controlling access.
It's not about making sure no one ever finds the object.
It's about making sure that finding it is not enough.
Hiding works with the illusion of invisibility.
Access control works with structure.
If information is stored as a single entity, it must remain hidden.
If it is divided, structured, and bound by reconstruction rules, it can be visible – and still secure.
BUNKEROID is built on the second principle.
It does not protect by disappearing.
It protects by making meaning inaccessible.
Security is a question of architecture, not a secret hiding place.
Is BUNKEROID limited to seed words?
BUNKEROID is not strictly bound to words.
Words are simply the most commonly used format, not a technical limitation.
BUNKEROID works with text strings, not with a dictionary.
A user may therefore use:
- words from BIP39, SLIP39, AEZEED, Electrum, or Monero
- numeric indexes
- custom numeric or alphanumeric strings
- combinations of words, numbers, and symbols
- completely abstract codes with no meaning to a third party
From the system’s perspective, these are always just characters without context.
Why are we not bound to words?
Because BUNKEROID does not care about language, vocabulary, or meaning.
It cares about structure, combinations, and access rules.
Whether information is stored as a word, number, or index is the user’s decision, not the manufacturer’s.
BUNKEROID is not a “word system”.
It is a carrier and organizer of information.
Words are simply the most commonly used format, not a technical limitation.
BUNKEROID works with text strings, not with a dictionary.
A user may therefore use:
- words from BIP39, SLIP39, AEZEED, Electrum, or Monero
- numeric indexes
- custom numeric or alphanumeric strings
- combinations of words, numbers, and symbols
- completely abstract codes with no meaning to a third party
From the system’s perspective, these are always just characters without context.
Why are we not bound to words?
Because BUNKEROID does not care about language, vocabulary, or meaning.
It cares about structure, combinations, and access rules.
Whether information is stored as a word, number, or index is the user’s decision, not the manufacturer’s.
BUNKEROID is not a “word system”.
It is a carrier and organizer of information.
Topic: How it works in the real world
Security and Architecture
Is ordering and delivery truly anonymous?
The ordering and delivery process is extremely sensitive, as the product implies that the future owner of BUNKEROID controls a critical amount of crypto assets and may therefore be a potential target.
As a manufacturer, we are exposed to increased risk of data leakage.
A successful attack on our customer data would not directly endanger us beyond reputational damage.
However, in light of recent events, we have implemented additional security measures.
AML/KYC unfortunately acts as a blueprint that directly benefits criminal groups seeking access to sensitive customer information.
Our solution is straightforward.
We do not recommend bank transfers.
We prefer payments via the Lightning Network, which prevents both us and potential attackers from “seeing” the contents of the client’s wallet.
We do not collect delivery addresses, buyer names, or other personal data.
After payment via the HYDRANODE terminal, the ordered BUNKEROID set is sent directly to a Packeta pickup box under your chosen pseudonym.
The only identifying party known to Packeta is us.
If the package is not collected within the specified time, it is returned to us and the situation is resolved via reshipment or agreement.
We recommend creating an anonymous, temporary email address for communication during manufacturing and delivery.
Because the product is directly linked to your crypto transaction, this approach is also highly effective for secondary operations:
authenticity verification, warranty claims, and discounts on future orders.
As a result, payment via traditional banks is priced 10% higher, as it introduces legal obligations related to data protection and compliance.
These obligations are extremely inefficient and still do not protect you from potential attacks.
Both options – anonymous crypto payment and easily identifiable fiat payment – are available.
You decide which path you choose.
As a manufacturer, we are exposed to increased risk of data leakage.
A successful attack on our customer data would not directly endanger us beyond reputational damage.
However, in light of recent events, we have implemented additional security measures.
AML/KYC unfortunately acts as a blueprint that directly benefits criminal groups seeking access to sensitive customer information.
Our solution is straightforward.
We do not recommend bank transfers.
We prefer payments via the Lightning Network, which prevents both us and potential attackers from “seeing” the contents of the client’s wallet.
We do not collect delivery addresses, buyer names, or other personal data.
After payment via the HYDRANODE terminal, the ordered BUNKEROID set is sent directly to a Packeta pickup box under your chosen pseudonym.
The only identifying party known to Packeta is us.
If the package is not collected within the specified time, it is returned to us and the situation is resolved via reshipment or agreement.
We recommend creating an anonymous, temporary email address for communication during manufacturing and delivery.
Because the product is directly linked to your crypto transaction, this approach is also highly effective for secondary operations:
authenticity verification, warranty claims, and discounts on future orders.
As a result, payment via traditional banks is priced 10% higher, as it introduces legal obligations related to data protection and compliance.
These obligations are extremely inefficient and still do not protect you from potential attacks.
Both options – anonymous crypto payment and easily identifiable fiat payment – are available.
You decide which path you choose.
What materials is BUNKEROID made of and why?
BUNKEROID is primarily made from anodized aluminum.
All covers are thin stainless steel plates, and the screws are stainless steel and titanium.
The priority is not extreme durability, but controlled material behavior.
Aluminum and stainless steel are dimensionally stable, allow precise mechanical placement of segments,
provide long-term readability of engraved data, and most importantly exhibit predictable behavior under extreme conditions.
Exotic materials would increase cost, create a false sense of security, and support the incorrect assumption that a single object should protect the entire system.
That is exactly the logic BUNKEROID rejects.
The true priority is controlled failure, not denial of failure.
Predictable material behavior ensures that the physical carrier becomes a security feature rather than a weakness.
The material serves the system.
The system does not serve the material.
Under normal real-world use, BUNKEROID has an effectively unlimited lifespan.
It contains no electronics, moving parts, or consumables.
Material failure is not an operational scenario.
It is an extreme scenario the system explicitly accounts for.
BUNKEROID materials were not chosen to “withstand everything”.
They were chosen to behave correctly when things fail.
All covers are thin stainless steel plates, and the screws are stainless steel and titanium.
The priority is not extreme durability, but controlled material behavior.
Aluminum and stainless steel are dimensionally stable, allow precise mechanical placement of segments,
provide long-term readability of engraved data, and most importantly exhibit predictable behavior under extreme conditions.
Exotic materials would increase cost, create a false sense of security, and support the incorrect assumption that a single object should protect the entire system.
That is exactly the logic BUNKEROID rejects.
The true priority is controlled failure, not denial of failure.
Predictable material behavior ensures that the physical carrier becomes a security feature rather than a weakness.
The material serves the system.
The system does not serve the material.
Under normal real-world use, BUNKEROID has an effectively unlimited lifespan.
It contains no electronics, moving parts, or consumables.
Material failure is not an operational scenario.
It is an extreme scenario the system explicitly accounts for.
BUNKEROID materials were not chosen to “withstand everything”.
They were chosen to behave correctly when things fail.
How does BUNKEROID handle knowledge division?
text
How does BUNKEROID approach physical resistance and disaster scenarios??
No, we do not subject BUNKEROID to extreme “fireproof” stress tests.
The reason is simple:
BUNKEROID is designed for real use in the real world, not for theoretical scenarios from marketing brochures.
If a fire or building collapse occurs, no one will allow you to enter the rubble to dig through debris searching for a “miraculously survived metal plate”.
No one.
Emergency and security services will prevent it.
That is reality, not a hypothesis.
The real scenario is different:
Someone foreign gains access to the ruins, finds the object, understands its significance, and has both time and motivation to abuse the situation.
That is why BUNKEROID is NOT fireproof – and why it consciously takes this reality into account.
Its body is made of aluminum with limited fire resistance.
Under extreme heat, it begins to deform and melt, releasing mechanically fixed segments, preventing correct reading, and destroying the content.
This is its primary security feature.
Protection against fire, floods, earthquakes, or other natural disasters is NOT solved by a single piece of metal.
That is the role of Shamir Secret Sharing, geographic distribution of partial information, and elimination of single points of failure.
Attempting to make BUNKEROID “indestructible” would be a waste of resources at the expense of an effective system-level solution.
This is the difference between marketing and security engineering.
BUNKEROID is built for the real world.
The reason is simple:
BUNKEROID is designed for real use in the real world, not for theoretical scenarios from marketing brochures.
If a fire or building collapse occurs, no one will allow you to enter the rubble to dig through debris searching for a “miraculously survived metal plate”.
No one.
Emergency and security services will prevent it.
That is reality, not a hypothesis.
The real scenario is different:
Someone foreign gains access to the ruins, finds the object, understands its significance, and has both time and motivation to abuse the situation.
That is why BUNKEROID is NOT fireproof – and why it consciously takes this reality into account.
Its body is made of aluminum with limited fire resistance.
Under extreme heat, it begins to deform and melt, releasing mechanically fixed segments, preventing correct reading, and destroying the content.
This is its primary security feature.
Protection against fire, floods, earthquakes, or other natural disasters is NOT solved by a single piece of metal.
That is the role of Shamir Secret Sharing, geographic distribution of partial information, and elimination of single points of failure.
Attempting to make BUNKEROID “indestructible” would be a waste of resources at the expense of an effective system-level solution.
This is the difference between marketing and security engineering.
BUNKEROID is built for the real world.
Topic: What it looks like in practice
Practical Use
What is the simplest setup for an individual?
The basic setup is very straightforward.
Page 1:
Standard 12/18/24-word seed for a common HW wallet.
Page 2:
Passphrase matrix that allows you to create multiple passphrases.
The user uses one specific passphrase,
but the reading method (direction, number of segments, order) is known only to them.
This means that even if an attacker sees the entire content, they must first understand the logic of reconstruction.
This significantly increases the difficulty of the attack.
However, due to the extreme simplicity of this setting, it is recommended to have at least one duplicate stored in a different geolocation in case of loss.
This is particularly advantageous for individually owned operational wallets, where changing the security model only means exchanging seed PINs or modifying the passphrase matrix.
In this model, BUNKEROID contains almost all the information needed for reconstruction.
Therefore, it is essential to prevent loss or targeted theft.
This is the simplest model.
Page 1:
Standard 12/18/24-word seed for a common HW wallet.
Page 2:
Passphrase matrix that allows you to create multiple passphrases.
The user uses one specific passphrase,
but the reading method (direction, number of segments, order) is known only to them.
This means that even if an attacker sees the entire content, they must first understand the logic of reconstruction.
This significantly increases the difficulty of the attack.
However, due to the extreme simplicity of this setting, it is recommended to have at least one duplicate stored in a different geolocation in case of loss.
This is particularly advantageous for individually owned operational wallets, where changing the security model only means exchanging seed PINs or modifying the passphrase matrix.
In this model, BUNKEROID contains almost all the information needed for reconstruction.
Therefore, it is essential to prevent loss or targeted theft.
This is the simplest model.
What does a setup for a family look like?
A family setup often assumes that children are still inexperienced users.
They can learn how to operate a hardware wallet, but they usually do not yet understand the sensitivity and importance of secret data.
For this reason, the parent keeps the reconstruction logic.
On one side of the BUNKEROID the SEED is stored.
On the other side there is a passphrase matrix from which the parent can derive multiple passphrases — for example three columns, each intended for one child.
Each child receives their own Trezor device, activated by the parent with a specific passphrase derived from the matrix.
The passphrase can be a simple word or phrase that the child can easily remember.
As a PIN, the parent may simply use the child’s birth date, which is naturally easy for the child to remember.
The child therefore operates their wallet using:
• their own Trezor
• a simple PIN
• a memorable passphrase
At the same time, the parent still retains full control of the overall structure.
The parent can:
• send funds to the child (for example as a reward for good grades)
• change or rotate passphrases
• recover the wallet if the device is lost
• or completely modify access if needed
Children gradually learn how to use cryptocurrency and develop good security habits without risking permanent loss of funds.
The parent manages the structure.
The children learn how to use it.
BUNKEROID therefore allows parents to manage access to digital assets in a similar way they manage pocket money — gradually, under control, and without putting the entire family wealth at risk.
They can learn how to operate a hardware wallet, but they usually do not yet understand the sensitivity and importance of secret data.
For this reason, the parent keeps the reconstruction logic.
On one side of the BUNKEROID the SEED is stored.
On the other side there is a passphrase matrix from which the parent can derive multiple passphrases — for example three columns, each intended for one child.
Each child receives their own Trezor device, activated by the parent with a specific passphrase derived from the matrix.
The passphrase can be a simple word or phrase that the child can easily remember.
As a PIN, the parent may simply use the child’s birth date, which is naturally easy for the child to remember.
The child therefore operates their wallet using:
• their own Trezor
• a simple PIN
• a memorable passphrase
At the same time, the parent still retains full control of the overall structure.
The parent can:
• send funds to the child (for example as a reward for good grades)
• change or rotate passphrases
• recover the wallet if the device is lost
• or completely modify access if needed
Children gradually learn how to use cryptocurrency and develop good security habits without risking permanent loss of funds.
The parent manages the structure.
The children learn how to use it.
BUNKEROID therefore allows parents to manage access to digital assets in a similar way they manage pocket money — gradually, under control, and without putting the entire family wealth at risk.
What does a setup for a company look like?
In a corporate environment it is often necessary to manage multiple levels of access.
Different departments, managers, and employees may need to use funds, but no single person should control the entire infrastructure.
One possible model is therefore a public SEED combined with a hierarchy of passphrases.
In this setup, the base SEED is public — for example displayed on a board in the company office.
Every employee can use this SEED to initialize their own Trezor device.
However, the SEED alone does not provide access to funds.
Actual access is created only when a passphrase is applied.
Employees receive their passphrases from their supervisors, who assign access according to organizational roles.
A manager may therefore provide a specific passphrase that activates a particular set of addresses or a wallet intended for that employee’s operational tasks.
This allows the company to create a hierarchy of passphrases.
For example:
• the CEO assigns several passphrases to division directors
• directors assign additional passphrases to department managers
• department managers then assign passphrases to their teams
Each level of the organization works only with the access it actually needs.
The list of passphrases can be managed:
• centrally – for example by company leadership
• or decentrally – distributed among multiple managers
Depending on the organizational structure, the company can determine the number of BUNKEROID devices required and whether passphrase matrices are created on one or both sides of the BUNKEROID.
The result is a system where the underlying infrastructure is transparent, but actual access is controlled through distributed knowledge of passphrases.
In such a model, the SEED can safely be public — as long as the real meaning and access remain hidden in the structure of passphrases.
This allows a company to manage access to digital assets much like it manages access to internal systems or budgets — through roles, responsibility, and hierarchical control.
Different departments, managers, and employees may need to use funds, but no single person should control the entire infrastructure.
One possible model is therefore a public SEED combined with a hierarchy of passphrases.
In this setup, the base SEED is public — for example displayed on a board in the company office.
Every employee can use this SEED to initialize their own Trezor device.
However, the SEED alone does not provide access to funds.
Actual access is created only when a passphrase is applied.
Employees receive their passphrases from their supervisors, who assign access according to organizational roles.
A manager may therefore provide a specific passphrase that activates a particular set of addresses or a wallet intended for that employee’s operational tasks.
This allows the company to create a hierarchy of passphrases.
For example:
• the CEO assigns several passphrases to division directors
• directors assign additional passphrases to department managers
• department managers then assign passphrases to their teams
Each level of the organization works only with the access it actually needs.
The list of passphrases can be managed:
• centrally – for example by company leadership
• or decentrally – distributed among multiple managers
Depending on the organizational structure, the company can determine the number of BUNKEROID devices required and whether passphrase matrices are created on one or both sides of the BUNKEROID.
The result is a system where the underlying infrastructure is transparent, but actual access is controlled through distributed knowledge of passphrases.
In such a model, the SEED can safely be public — as long as the real meaning and access remain hidden in the structure of passphrases.
This allows a company to manage access to digital assets much like it manages access to internal systems or budgets — through roles, responsibility, and hierarchical control.
Can I assign different passphrases to different people?
Yes. That is exactly what the system is designed for.
A passphrase is not just an additional password — it can also function as an access management tool.
Each passphrase creates a different wallet, even if all users start from the same SEED.
This means different people can operate different wallets while sharing the same base infrastructure.
For example:
• a family member may have a personal passphrase for their own wallet
• an employee may receive a passphrase intended for their operational tasks
• a manager may use a passphrase with a higher level of access
Each person therefore works only with the access they actually need.
If the situation changes — for example if someone loses their device, changes position, or should no longer have access — it is enough to change the passphrase.
There is no need to change the SEED or rebuild the entire infrastructure.
This is where BUNKEROID has a major practical advantage.
With traditional metal SEED plates, changing the security model is often expensive.
It usually requires generating a new SEED, rebuilding the entire setup, and redistributing all backups.
With BUNKEROID, it is usually enough to change the PIN segment combination or the passphrase logic.
In many cases, the PIN segments do not even need to be replaced.
They can simply be rearranged within the matrix.
The operational procedures — such as reading direction or combination rules — can remain unchanged.
The change is therefore fast, inexpensive, and operationally simple, while the overall system and workflow remain the same.
The SEED can stay the same.
Only the logic of access changes.
A passphrase is not just an additional password — it can also function as an access management tool.
Each passphrase creates a different wallet, even if all users start from the same SEED.
This means different people can operate different wallets while sharing the same base infrastructure.
For example:
• a family member may have a personal passphrase for their own wallet
• an employee may receive a passphrase intended for their operational tasks
• a manager may use a passphrase with a higher level of access
Each person therefore works only with the access they actually need.
If the situation changes — for example if someone loses their device, changes position, or should no longer have access — it is enough to change the passphrase.
There is no need to change the SEED or rebuild the entire infrastructure.
This is where BUNKEROID has a major practical advantage.
With traditional metal SEED plates, changing the security model is often expensive.
It usually requires generating a new SEED, rebuilding the entire setup, and redistributing all backups.
With BUNKEROID, it is usually enough to change the PIN segment combination or the passphrase logic.
In many cases, the PIN segments do not even need to be replaced.
They can simply be rearranged within the matrix.
The operational procedures — such as reading direction or combination rules — can remain unchanged.
The change is therefore fast, inexpensive, and operationally simple, while the overall system and workflow remain the same.
The SEED can stay the same.
Only the logic of access changes.
How to handle inheritance?
When dealing with inheritance, the key challenge is to ensure that funds remain recoverable, while no single person has full control during the owner’s lifetime.
One practical approach is to use Shamir Secret Sharing.
For example, the owner can split the main SEED into several parts — for instance 5 partial seeds.
Each potential heir receives one partial seed, stored in their own BUNKEROID.
The BUNKEROID can also contain the reconstruction rule — for example how many parts are required to reconstruct the original SEED (for example 3 out of 5).
Holding a partial seed alone does not automatically grant access to the funds.
Actual access can be controlled separately using passphrases.
These passphrases may be stored in the owner’s will, for example with a notary, where it is also clearly defined which heir receives which portion of the assets.
Once the inheritance conditions are fulfilled, the heirs combine the required number of partial seeds to reconstruct the main SEED and use their assigned passphrases to access the specific wallets or asset shares.
Such a model allows you to:
• distribute control among multiple people
• eliminate a single point of failure
• clearly define inheritance shares
This is only one of many possible scenarios that can be designed using BUNKEROID.
The key idea is that the system allows you to separate reconstruction of the infrastructure from access to the assets themselves.
One practical approach is to use Shamir Secret Sharing.
For example, the owner can split the main SEED into several parts — for instance 5 partial seeds.
Each potential heir receives one partial seed, stored in their own BUNKEROID.
The BUNKEROID can also contain the reconstruction rule — for example how many parts are required to reconstruct the original SEED (for example 3 out of 5).
Holding a partial seed alone does not automatically grant access to the funds.
Actual access can be controlled separately using passphrases.
These passphrases may be stored in the owner’s will, for example with a notary, where it is also clearly defined which heir receives which portion of the assets.
Once the inheritance conditions are fulfilled, the heirs combine the required number of partial seeds to reconstruct the main SEED and use their assigned passphrases to access the specific wallets or asset shares.
Such a model allows you to:
• distribute control among multiple people
• eliminate a single point of failure
• clearly define inheritance shares
This is only one of many possible scenarios that can be designed using BUNKEROID.
The key idea is that the system allows you to separate reconstruction of the infrastructure from access to the assets themselves.
What if I want to change the architecture over time?
That is completely natural.
A security architecture usually evolves together with the user’s life situation.
Someone may start with a simple model — for example a single wallet for personal use.
Later they may add family members, a company structure, inheritance scenarios, or multiple levels of access.
BUNKEROID is designed specifically so that the architecture can change without replacing the entire system.
In most cases, there is no need to change the SEED itself.
It is usually enough to modify:
• passphrases
• combinations of PIN segments
• rules for reading or reconstruction
The PIN segments often do not even need to be replaced.
They can simply be rearranged within the matrix or combined using a different logic.
This makes it possible to gradually change:
• who has access
• what level of access they have
• how reconstruction works
—all without replacing the underlying infrastructure.
With traditional metal SEED plates, changing the architecture is often expensive because it requires generating a new SEED and rebuilding the entire backup system.
BUNKEROID allows you to change the logic of the system without changing its physical foundation.
The architecture can therefore evolve together with the user — without having to start from scratch.
A security architecture usually evolves together with the user’s life situation.
Someone may start with a simple model — for example a single wallet for personal use.
Later they may add family members, a company structure, inheritance scenarios, or multiple levels of access.
BUNKEROID is designed specifically so that the architecture can change without replacing the entire system.
In most cases, there is no need to change the SEED itself.
It is usually enough to modify:
• passphrases
• combinations of PIN segments
• rules for reading or reconstruction
The PIN segments often do not even need to be replaced.
They can simply be rearranged within the matrix or combined using a different logic.
This makes it possible to gradually change:
• who has access
• what level of access they have
• how reconstruction works
—all without replacing the underlying infrastructure.
With traditional metal SEED plates, changing the architecture is often expensive because it requires generating a new SEED and rebuilding the entire backup system.
BUNKEROID allows you to change the logic of the system without changing its physical foundation.
The architecture can therefore evolve together with the user — without having to start from scratch.
How many combinations can I create from 60 words?
It depends on how you choose to use them.
BUNKEROID does not impose a fixed rule for combining words.
The user can define things such as:
• the number of segments used
• the reading direction
• the order in which segments are combined
For example, if you select 3 words from a set of 60, the number of possible combinations is:
60 × 59 × 58 = 205,320 combinations
And that is only one of the simplest scenarios.
In practice, the number of possibilities can be much larger because the user can also vary:
• the length of the combination
• the reading direction of the matrix
• the way the segments are assembled
For an external observer it therefore becomes very difficult to determine:
• which words are used
• in what order
• according to which rule
Without knowing this logic, the correct combination cannot be reconstructed.
BUNKEROID therefore does not rely only on the secrecy of the words themselves, but primarily on the secrecy of their structure and meaning.
BUNKEROID does not impose a fixed rule for combining words.
The user can define things such as:
• the number of segments used
• the reading direction
• the order in which segments are combined
For example, if you select 3 words from a set of 60, the number of possible combinations is:
60 × 59 × 58 = 205,320 combinations
And that is only one of the simplest scenarios.
In practice, the number of possibilities can be much larger because the user can also vary:
• the length of the combination
• the reading direction of the matrix
• the way the segments are assembled
For an external observer it therefore becomes very difficult to determine:
• which words are used
• in what order
• according to which rule
Without knowing this logic, the correct combination cannot be reconstructed.
BUNKEROID therefore does not rely only on the secrecy of the words themselves, but primarily on the secrecy of their structure and meaning.
Topic: Compatibility and Configuration
Technical Questions
Is it possible to use numeric indexes instead of words?
Yes. BUNKEROID is not tied to any specific data format.
In practice, normalized word sets are often used — for example BIP39 — but the system can work with other forms of representation as well, such as numeric indexes of individual entries.
In such sets, each word or entry has a unique index.
Instead of storing the word itself, it is therefore possible to store its numeric representation.
For some users this may be practical, for example:
• when working with internal systems
• when processing data automatically
• or in environments where numeric codes are used instead of text
From the perspective of BUNKEROID, however, it is still just information, which can be expressed in different forms.
The system is therefore not tied to a specific language, dictionary, or format.
It may contain, for example:
• words
• numbers
• text strings
• instructions
• or combinations of them
What matters is not which format you use, but the reconstruction logic you design.
BUNKEROID does not work with words or numbers.
It works with the structure of information — who knows what, and how the pieces are combined.
Without knowledge of that structure, the information appears to an observer as nothing more than random text.
In practice, normalized word sets are often used — for example BIP39 — but the system can work with other forms of representation as well, such as numeric indexes of individual entries.
In such sets, each word or entry has a unique index.
Instead of storing the word itself, it is therefore possible to store its numeric representation.
For some users this may be practical, for example:
• when working with internal systems
• when processing data automatically
• or in environments where numeric codes are used instead of text
From the perspective of BUNKEROID, however, it is still just information, which can be expressed in different forms.
The system is therefore not tied to a specific language, dictionary, or format.
It may contain, for example:
• words
• numbers
• text strings
• instructions
• or combinations of them
What matters is not which format you use, but the reconstruction logic you design.
BUNKEROID does not work with words or numbers.
It works with the structure of information — who knows what, and how the pieces are combined.
Without knowledge of that structure, the information appears to an observer as nothing more than random text.
Can I engrave custom text strings?
Yes.
BUNKEROID is not tied to any specific data format.
The content that is engraved is always defined by the user.
It may include, for example:
• words from normalized word sets
• numeric indexes
• custom text strings
• PIN codes
• instructions
• or any combination of these
The manufacturer does not interpret or validate the content.
BUNKEROID operates in a zero-knowledge mode — the manufacturer engraves exactly what the user provides, without knowing the meaning or context of the data.
It is also important to note that the manufacturer does not have to perform the engraving at all.
A user may simply order a blank set of PIN segments and have them engraved locally — for example by a trusted person or a local workshop.
The specific provider of the laser engraving therefore does not matter.
The pre-generated 60-word sets offered by the manufacturer are only a recommended option, designed to simplify the setup process and reduce the risk of mistakes.
The system itself remains completely open.
BUNKEROID does not work with the meaning of data.
It works with the structure of information.
What appears to be random text to an observer may in fact be a precisely defined reconstruction system for the user.
BUNKEROID is not tied to any specific data format.
The content that is engraved is always defined by the user.
It may include, for example:
• words from normalized word sets
• numeric indexes
• custom text strings
• PIN codes
• instructions
• or any combination of these
The manufacturer does not interpret or validate the content.
BUNKEROID operates in a zero-knowledge mode — the manufacturer engraves exactly what the user provides, without knowing the meaning or context of the data.
It is also important to note that the manufacturer does not have to perform the engraving at all.
A user may simply order a blank set of PIN segments and have them engraved locally — for example by a trusted person or a local workshop.
The specific provider of the laser engraving therefore does not matter.
The pre-generated 60-word sets offered by the manufacturer are only a recommended option, designed to simplify the setup process and reduce the risk of mistakes.
The system itself remains completely open.
BUNKEROID does not work with the meaning of data.
It works with the structure of information.
What appears to be random text to an observer may in fact be a precisely defined reconstruction system for the user.
What if I make a mistake during engraving?
Mistakes can happen.
That is why the system is designed to be adjustable and reconfigurable without having to rebuild the entire setup.
In most cases, it is not necessary to replace the whole system.
If the mistake affects a specific segment, you can typically:
• replace a single PIN segment
• move it to a different position in the matrix
• or adjust the combination logic
In many situations, the issue can even be solved by changing the structure, without modifying the engraving itself.
BUNKEROID does not depend on individual words or characters as a fixed structure.
What matters is the logic used to combine them.
This means that even if a segment is replaced, rearranged, or no longer used, the overall system can remain functional.
If a physical correction is needed, the user can simply:
• replace the affected segment
• or create a new PIN segment
without replacing the entire BUNKEROID.
The modular design allows mistakes to be corrected locally, without changing the overall architecture.
As with most security systems, one simple rule always applies:
before relying on the setup, it is wise to test the reconstruction process.
This ensures that all parts of the system work exactly according to the intended logic.
That is why the system is designed to be adjustable and reconfigurable without having to rebuild the entire setup.
In most cases, it is not necessary to replace the whole system.
If the mistake affects a specific segment, you can typically:
• replace a single PIN segment
• move it to a different position in the matrix
• or adjust the combination logic
In many situations, the issue can even be solved by changing the structure, without modifying the engraving itself.
BUNKEROID does not depend on individual words or characters as a fixed structure.
What matters is the logic used to combine them.
This means that even if a segment is replaced, rearranged, or no longer used, the overall system can remain functional.
If a physical correction is needed, the user can simply:
• replace the affected segment
• or create a new PIN segment
without replacing the entire BUNKEROID.
The modular design allows mistakes to be corrected locally, without changing the overall architecture.
As with most security systems, one simple rule always applies:
before relying on the setup, it is wise to test the reconstruction process.
This ensures that all parts of the system work exactly according to the intended logic.
Is BUNKEROID compatible with Trezor / Ledger?
Yes.
BUNKEROID is not tied to any specific device or manufacturer.
It works with the information used by many cryptographic systems.
In practice, this means it can be used with:
• hardware wallets (such as Trezor, Ledger, and similar devices)
• software wallets (for example Electrum or Sparrow)
• Lightning node infrastructure (such as LND or other implementations)
• Lightning wallets (for example Phoenix and similar applications)
The only requirement is that the system uses a seed, passphrase, or another reconstruction mechanism.
BUNKEROID does not depend on a specific device or application.
It works with the information required to reconstruct access.
This means the software or hardware used to access funds can change over time, while the information architecture remains the same.
Users are therefore not dependent on a single manufacturer, a single application, or a single generation of devices.
BUNKEROID is not tied to a specific wallet.
It works with the structure of information that these systems use.
BUNKEROID is not tied to any specific device or manufacturer.
It works with the information used by many cryptographic systems.
In practice, this means it can be used with:
• hardware wallets (such as Trezor, Ledger, and similar devices)
• software wallets (for example Electrum or Sparrow)
• Lightning node infrastructure (such as LND or other implementations)
• Lightning wallets (for example Phoenix and similar applications)
The only requirement is that the system uses a seed, passphrase, or another reconstruction mechanism.
BUNKEROID does not depend on a specific device or application.
It works with the information required to reconstruct access.
This means the software or hardware used to access funds can change over time, while the information architecture remains the same.
Users are therefore not dependent on a single manufacturer, a single application, or a single generation of devices.
BUNKEROID is not tied to a specific wallet.
It works with the structure of information that these systems use.
Do I need any special software?
No.
BUNKEROID does not require any special software, application, or proprietary system.
It is a purely physical organizational tool that works with information used by existing cryptographic systems — such as wallets, node infrastructures, or other systems that rely on private keys.
All operations, such as generating a seed, restoring a wallet, or activating a passphrase, are performed directly in the wallet software or device you already use.
BUNKEROID simply helps organize and physically store the information required to reconstruct access in a structured and controllable way.
When designing the extended 60-word set, which we recommend as a standard configuration, users may optionally use helper generators available on our website:
LINK : https://bunkeroid.com/pin-descriptors/
The user can enter their own words, and the generator will add additional random entries to produce a complete set of 60 words.
The result is a simple TXT file containing an alphabetically ordered list of 60 words, which the customer sends together with the order.
BUNKEROID then laser-engraves exactly the content of this file without interpreting or validating its meaning.
These generators are only helper tools for creating a consistent word set.
They are not an authority for generating secrets, and users are free to modify, replace, or completely ignore them.
Because of this, the system is not tied to any single manufacturer, application, or technology platform.
You can change wallets, migrate to different software, or replace hardware devices while the information architecture stored in BUNKEROID remains the same.
There is therefore no software dependency, which significantly improves long-term compatibility.
BUNKEROID does not require any special software, application, or proprietary system.
It is a purely physical organizational tool that works with information used by existing cryptographic systems — such as wallets, node infrastructures, or other systems that rely on private keys.
All operations, such as generating a seed, restoring a wallet, or activating a passphrase, are performed directly in the wallet software or device you already use.
BUNKEROID simply helps organize and physically store the information required to reconstruct access in a structured and controllable way.
When designing the extended 60-word set, which we recommend as a standard configuration, users may optionally use helper generators available on our website:
LINK : https://bunkeroid.com/pin-descriptors/
The user can enter their own words, and the generator will add additional random entries to produce a complete set of 60 words.
The result is a simple TXT file containing an alphabetically ordered list of 60 words, which the customer sends together with the order.
BUNKEROID then laser-engraves exactly the content of this file without interpreting or validating its meaning.
These generators are only helper tools for creating a consistent word set.
They are not an authority for generating secrets, and users are free to modify, replace, or completely ignore them.
Because of this, the system is not tied to any single manufacturer, application, or technology platform.
You can change wallets, migrate to different software, or replace hardware devices while the information architecture stored in BUNKEROID remains the same.
There is therefore no software dependency, which significantly improves long-term compatibility.
Can BUNKEROID be used outside of crypto?
Yes.
BUNKEROID is not limited to cryptocurrencies.
It is a general system for the physical organization of sensitive information.
Cryptocurrency use cases are simply the most visible example, because they rely on seeds, passphrases, and private keys.
However, the same principle can be applied to many other types of information.
For example:
• managing access credentials for sensitive systems
• splitting confidential information among multiple participants
• organizing recovery data for infrastructure (servers, nodes, administrative access)
• long-term storage of critical data outside the digital environment
• managing access rights within an organization
BUNKEROID does not solve a specific type of data problem.
Instead, it addresses how information can be physically organized so that it is clear who can access it, when, and under what conditions.
Because of this, it can be used anywhere that requires a combination of:
• physical control
• structured access management
• long-term stability of information
Crypto is simply one of many possible applications.
BUNKEROID is not limited to cryptocurrencies.
It is a general system for the physical organization of sensitive information.
Cryptocurrency use cases are simply the most visible example, because they rely on seeds, passphrases, and private keys.
However, the same principle can be applied to many other types of information.
For example:
• managing access credentials for sensitive systems
• splitting confidential information among multiple participants
• organizing recovery data for infrastructure (servers, nodes, administrative access)
• long-term storage of critical data outside the digital environment
• managing access rights within an organization
BUNKEROID does not solve a specific type of data problem.
Instead, it addresses how information can be physically organized so that it is clear who can access it, when, and under what conditions.
Because of this, it can be used anywhere that requires a combination of:
• physical control
• structured access management
• long-term stability of information
Crypto is simply one of many possible applications.
Topic: Who it makes sense for
Price and Value
Why is BUNKEROID more expensive than a seed plate?
Because BUNKEROID does more than simply store one piece of information.
A traditional seed plate is essentially a passive carrier.
You engrave a seed on it, and its function ends there.
BUNKEROID, on the other hand, is an organizational system for working with information.
It allows you to:
• combine seed and passphrase architectures
• create multiple passphrases from a single matrix
• assign access to different people or departments
• change the security model without replacing the entire system
• use Shamir or other multi-party architectures
• work with plausible deniability layers
The most important difference is long-term flexibility.
If the security model changes with a traditional seed plate, it often requires manufacturing a completely new plate.
With BUNKEROID, in many cases it is enough to:
• replace a few PIN segments
• or simply rearrange them within the matrix
The overall architecture can remain the same, while the change is fast and relatively inexpensive.
The price of BUNKEROID is therefore not about the piece of metal.
It is about a system for managing information, allowing the security model to evolve without replacing the entire physical medium.
A traditional seed plate is essentially a passive carrier.
You engrave a seed on it, and its function ends there.
BUNKEROID, on the other hand, is an organizational system for working with information.
It allows you to:
• combine seed and passphrase architectures
• create multiple passphrases from a single matrix
• assign access to different people or departments
• change the security model without replacing the entire system
• use Shamir or other multi-party architectures
• work with plausible deniability layers
The most important difference is long-term flexibility.
If the security model changes with a traditional seed plate, it often requires manufacturing a completely new plate.
With BUNKEROID, in many cases it is enough to:
• replace a few PIN segments
• or simply rearrange them within the matrix
The overall architecture can remain the same, while the change is fast and relatively inexpensive.
The price of BUNKEROID is therefore not about the piece of metal.
It is about a system for managing information, allowing the security model to evolve without replacing the entire physical medium.
Is it suitable even for small amounts?
The use of BUNKEROID does not depend on the amount of funds, but on the purpose you want to use it for.
If someone only needs to store a simple seed for a small amount of crypto, there may be simpler solutions.
However, BUNKEROID is not designed merely as a “seed storage” device.
It is a tool for designing and managing access architectures.
If you want to work with structured information, BUNKEROID can be useful even for very small amounts — for example as an organizational or experimental tool.
One example is the use of hierarchical address generation.
A generated address can itself serve as a passphrase that unlocks additional sets of subordinate wallets.
This allows the creation of multi-layer systems where individual subsystems operate independently while still being connected to a higher hierarchical structure.
Such a model could, for example, record transactions as “votes”, where subsystems represent different levels such as:
CITY → REGION → STATE
Each level maintains its own addresses and accounting, while the overall structure remains linked through a single central authority or rule set.
In this case, BUNKEROID is not used primarily to store value, but to organize the structure of access and the meaning of information.
For that reason, the use of BUNKEROID is not limited by the size of the funds involved.
It is limited only by the user’s imagination.
If someone only needs to store a simple seed for a small amount of crypto, there may be simpler solutions.
However, BUNKEROID is not designed merely as a “seed storage” device.
It is a tool for designing and managing access architectures.
If you want to work with structured information, BUNKEROID can be useful even for very small amounts — for example as an organizational or experimental tool.
One example is the use of hierarchical address generation.
A generated address can itself serve as a passphrase that unlocks additional sets of subordinate wallets.
This allows the creation of multi-layer systems where individual subsystems operate independently while still being connected to a higher hierarchical structure.
Such a model could, for example, record transactions as “votes”, where subsystems represent different levels such as:
CITY → REGION → STATE
Each level maintains its own addresses and accounting, while the overall structure remains linked through a single central authority or rule set.
In this case, BUNKEROID is not used primarily to store value, but to organize the structure of access and the meaning of information.
For that reason, the use of BUNKEROID is not limited by the size of the funds involved.
It is limited only by the user’s imagination.
Who is BUNKEROID not suitable for?
BUNKEROID is not suitable for people who do not want to think about the architecture of their access systems.
The system gives the user a high degree of freedom, but it also assumes that the user understands the basic principles of working with private keys, seeds, and passphrases.
It is not ideal for those who:
• are looking for a fully automated solution without understanding the system
• want a “one-button security” solution without making their own decisions
• do not want to take responsibility for their own access architecture
• expect the manufacturer or a service provider to manage their resources for them
BUNKEROID is a tool that gives the user control over the structure of access.
This means that the organization of information, access rights, and the security model is always the result of user decisions, not the manufacturer’s design.
It makes the most sense for people who want to:
• maintain full control over their keys and access structures
• design their own security architecture
• work with multi-layer access systems
• build long-term stable solutions independent of specific services
In short:
BUNKEROID is not a tool for convenience.
It is a tool for control.
The system gives the user a high degree of freedom, but it also assumes that the user understands the basic principles of working with private keys, seeds, and passphrases.
It is not ideal for those who:
• are looking for a fully automated solution without understanding the system
• want a “one-button security” solution without making their own decisions
• do not want to take responsibility for their own access architecture
• expect the manufacturer or a service provider to manage their resources for them
BUNKEROID is a tool that gives the user control over the structure of access.
This means that the organization of information, access rights, and the security model is always the result of user decisions, not the manufacturer’s design.
It makes the most sense for people who want to:
• maintain full control over their keys and access structures
• design their own security architecture
• work with multi-layer access systems
• build long-term stable solutions independent of specific services
In short:
BUNKEROID is not a tool for convenience.
It is a tool for control.
Is it a one-time tool or an infrastructure?
BUNKEROID is not a one-time tool.
It is a long-term infrastructure for organizing access and critical information.
Traditional seed plates typically have a single purpose:
you engrave a seed, store it somewhere, and their role ends there.
BUNKEROID is designed differently.
Its purpose is to enable long-term work with an access architecture that can evolve over time.
For example, the user can:
• change passphrases
• rearrange PIN segments
• modify how the matrix is read
• change the security model
• expand the system with additional BUNKEROIDs
• migrate to Shamir or other multi-party architectures
This means BUNKEROID behaves more like an infrastructure component of a security system, rather than a one-time product.
It is a tool that can remain part of a security architecture for many years, even as wallet software, devices, or technologies evolve.
In short:
BUNKEROID is not a one-time backup.
It is a physical infrastructure for managing access.
It is a long-term infrastructure for organizing access and critical information.
Traditional seed plates typically have a single purpose:
you engrave a seed, store it somewhere, and their role ends there.
BUNKEROID is designed differently.
Its purpose is to enable long-term work with an access architecture that can evolve over time.
For example, the user can:
• change passphrases
• rearrange PIN segments
• modify how the matrix is read
• change the security model
• expand the system with additional BUNKEROIDs
• migrate to Shamir or other multi-party architectures
This means BUNKEROID behaves more like an infrastructure component of a security system, rather than a one-time product.
It is a tool that can remain part of a security architecture for many years, even as wallet software, devices, or technologies evolve.
In short:
BUNKEROID is not a one-time backup.
It is a physical infrastructure for managing access.
Topic: Operational Model
Privacy, Orders and NDS
Do you store customer data?
No.
One of the core principles behind BUNKEROID is data minimization.
We do not maintain customer databases, order registries, or long-term records of who purchased the product. Once an order is completed, these data no longer have any practical purpose for us, and therefore they are not archived.
The ordering process is designed to work without collecting personal information.
The preferred payment method is Bitcoin over the Lightning Network, which does not require customer identification.
Shipments can be delivered to a pickup box using a nickname or pseudonym.
The only data that temporarily appear during the ordering process are those strictly necessary for delivery logistics. After the order is completed, these data are removed.
At the same time, BUNKEROID operates in a zero-knowledge mode.
The manufacturer does not know the meaning or function of the information provided for engraving.
Laser engraving is performed exactly according to the supplied TXT file, without interpretation or validation of the content.
This means the manufacturer:
• does not know what is being engraved
• does not know how the information will be used
• has no reason or ability to analyze the content
However, it is important to mention the limitations of banking infrastructure.
When paying through traditional banking systems, customers automatically share their identity and transaction data with financial institutions, which may analyze purchasing behavior, transaction patterns, and other metadata.
For this reason, we do not consider this payment method ideal from a privacy perspective and cannot recommend it.
Its availability in our store exists mainly due to legislative requirements, which obligate us to offer conventional payment options under the threat of regulatory penalties.
In short:
BUNKEROID is not built on collecting customer data.
It is built on minimizing it.
One of the core principles behind BUNKEROID is data minimization.
We do not maintain customer databases, order registries, or long-term records of who purchased the product. Once an order is completed, these data no longer have any practical purpose for us, and therefore they are not archived.
The ordering process is designed to work without collecting personal information.
The preferred payment method is Bitcoin over the Lightning Network, which does not require customer identification.
Shipments can be delivered to a pickup box using a nickname or pseudonym.
The only data that temporarily appear during the ordering process are those strictly necessary for delivery logistics. After the order is completed, these data are removed.
At the same time, BUNKEROID operates in a zero-knowledge mode.
The manufacturer does not know the meaning or function of the information provided for engraving.
Laser engraving is performed exactly according to the supplied TXT file, without interpretation or validation of the content.
This means the manufacturer:
• does not know what is being engraved
• does not know how the information will be used
• has no reason or ability to analyze the content
However, it is important to mention the limitations of banking infrastructure.
When paying through traditional banking systems, customers automatically share their identity and transaction data with financial institutions, which may analyze purchasing behavior, transaction patterns, and other metadata.
For this reason, we do not consider this payment method ideal from a privacy perspective and cannot recommend it.
Its availability in our store exists mainly due to legislative requirements, which obligate us to offer conventional payment options under the threat of regulatory penalties.
In short:
BUNKEROID is not built on collecting customer data.
It is built on minimizing it.
How does warranty work without a customer database?
BUNKEROID uses the NoDataStore (NDS) principle.
This means the manufacturer does not maintain a database of customers, orders, or serial numbers linked to specific individuals.
The warranty is therefore not tied to the customer’s identity, but to a cryptographic proof of purchase.
When a purchase is made, the transaction is paid via the Bitcoin Lightning Network or on-chain Bitcoin.
Each such transaction has a unique identifier (TXID or payment hash).
This identifier acts as the proof of purchase and ownership.
When claiming warranty, the customer simply provides this identifier.
The manufacturer then locally computes a verification code using a cryptographic function (for example HMAC) and verifies that the transaction corresponds to a legitimately issued product.
This process:
• does not require a customer database
• does not require customer identification
• does not require archiving orders
Verification works deterministically from cryptographic data, not from stored personal records.
The same mechanism can also be used for:
• product authenticity verification
• loyalty discounts for repeat orders
• service or support requests
All without the need to create or maintain customer databases.
In short:
The warranty is not based on the identity of the customer.
It is based on a cryptographic proof of purchase.
This means the manufacturer does not maintain a database of customers, orders, or serial numbers linked to specific individuals.
The warranty is therefore not tied to the customer’s identity, but to a cryptographic proof of purchase.
When a purchase is made, the transaction is paid via the Bitcoin Lightning Network or on-chain Bitcoin.
Each such transaction has a unique identifier (TXID or payment hash).
This identifier acts as the proof of purchase and ownership.
When claiming warranty, the customer simply provides this identifier.
The manufacturer then locally computes a verification code using a cryptographic function (for example HMAC) and verifies that the transaction corresponds to a legitimately issued product.
This process:
• does not require a customer database
• does not require customer identification
• does not require archiving orders
Verification works deterministically from cryptographic data, not from stored personal records.
The same mechanism can also be used for:
• product authenticity verification
• loyalty discounts for repeat orders
• service or support requests
All without the need to create or maintain customer databases.
In short:
The warranty is not based on the identity of the customer.
It is based on a cryptographic proof of purchase.
How do I verify the originality of the product?
The originality of a BUNKEROID can be verified using a cryptographic proof of purchase, not a serial number or a customer database.
During the manufacturing process, each BUNKEROID is associated with a transaction created for that specific order. This transaction has a unique identifier (TXID or payment hash).
This identifier serves as the verification key of the product.
If a user wants to verify the authenticity of a BUNKEROID, they simply provide this identifier. The manufacturer then uses an internal secret key to compute a cryptographic signature (for example using an HMAC function) and verifies whether the resulting value matches the data present on the product.
Importantly, this process:
• does not require a customer database
• does not require a registry of product owners
• does not require product registration
Verification works deterministically from cryptographic data, not from stored personal information.
This makes it possible to verify product authenticity without the manufacturer knowing:
• who the customer is
• where the product is located
• or who is currently using it
In short:
Product authenticity is verified through a cryptographic proof of purchase, not through customer identity.
During the manufacturing process, each BUNKEROID is associated with a transaction created for that specific order. This transaction has a unique identifier (TXID or payment hash).
This identifier serves as the verification key of the product.
If a user wants to verify the authenticity of a BUNKEROID, they simply provide this identifier. The manufacturer then uses an internal secret key to compute a cryptographic signature (for example using an HMAC function) and verifies whether the resulting value matches the data present on the product.
Importantly, this process:
• does not require a customer database
• does not require a registry of product owners
• does not require product registration
Verification works deterministically from cryptographic data, not from stored personal information.
This makes it possible to verify product authenticity without the manufacturer knowing:
• who the customer is
• where the product is located
• or who is currently using it
In short:
Product authenticity is verified through a cryptographic proof of purchase, not through customer identity.
Why don’t you require KYC?
Because selling BUNKEROID does not require customer identification.
BUNKEROID is a physical product, not a financial service, asset custody solution, or transaction intermediary. The manufacturer does not hold customer funds and has no access to the customer’s financial resources.
For this reason, there is no inherent need to identify the customer, unless it is explicitly required by the legislation of a specific jurisdiction.
On the contrary, collecting personal data in this context creates unnecessary security risks.
Customer databases can become targets for attacks or data leaks that may expose individuals working with cryptographic systems.
The philosophy behind BUNKEROID is therefore based on data minimization.
We only collect information that is strictly necessary for order logistics, and even that only for the minimum time required.
It is also important to emphasize that BUNKEROID does not provide financial services.
We do not offer cryptocurrency custody, asset management, or any form of financial intermediation.
We sell a tool for the physical organization of information, not a financial product.
We design our systems so that your resources remain exclusively your resources.
In short:
If there is no legitimate reason to collect personal data, it is safer not to create it at all.
BUNKEROID is a physical product, not a financial service, asset custody solution, or transaction intermediary. The manufacturer does not hold customer funds and has no access to the customer’s financial resources.
For this reason, there is no inherent need to identify the customer, unless it is explicitly required by the legislation of a specific jurisdiction.
On the contrary, collecting personal data in this context creates unnecessary security risks.
Customer databases can become targets for attacks or data leaks that may expose individuals working with cryptographic systems.
The philosophy behind BUNKEROID is therefore based on data minimization.
We only collect information that is strictly necessary for order logistics, and even that only for the minimum time required.
It is also important to emphasize that BUNKEROID does not provide financial services.
We do not offer cryptocurrency custody, asset management, or any form of financial intermediation.
We sell a tool for the physical organization of information, not a financial product.
We design our systems so that your resources remain exclusively your resources.
In short:
If there is no legitimate reason to collect personal data, it is safer not to create it at all.
How does anonymous delivery work?
Anonymous delivery is based on a simple principle:
minimize the amount of information required during the ordering process.
When using the preferred payment method via the Bitcoin Lightning Network, no personal information is required. The payment itself does not contain the customer’s identity.
For delivery we use pickup lockers operated by logistics partners, such as Packeta.
The shipment can be sent under a nickname or pseudonym, without the need to provide the recipient’s real name.
In practice it works as follows:
• the customer places an order using a nickname
• selects a pickup box as the delivery location
• after payment, the package is shipped to the selected box
• the customer receives a code to collect the package
The logistics provider only requires technical data necessary to deliver the shipment, not the identity of the recipient.
From the manufacturer’s perspective:
• we do not maintain customer databases
• once the order is completed, the data have no further use for us
• the system is designed to function without customer identification
The result is a model where:
• the manufacturer does not know the customer’s identity
• the logistics provider does not know the content of the shipment
• the payment layer does not contain the identity of the buyer
The only weaker point may be card payments, where the payment service provider may know who paid whom and for what product.
For this reason, from a privacy perspective we prefer Bitcoin and the Lightning Network, which do not create this type of link between identity and transaction.
In short:
Each part of the process knows only the minimum information required to perform its role.
minimize the amount of information required during the ordering process.
When using the preferred payment method via the Bitcoin Lightning Network, no personal information is required. The payment itself does not contain the customer’s identity.
For delivery we use pickup lockers operated by logistics partners, such as Packeta.
The shipment can be sent under a nickname or pseudonym, without the need to provide the recipient’s real name.
In practice it works as follows:
• the customer places an order using a nickname
• selects a pickup box as the delivery location
• after payment, the package is shipped to the selected box
• the customer receives a code to collect the package
The logistics provider only requires technical data necessary to deliver the shipment, not the identity of the recipient.
From the manufacturer’s perspective:
• we do not maintain customer databases
• once the order is completed, the data have no further use for us
• the system is designed to function without customer identification
The result is a model where:
• the manufacturer does not know the customer’s identity
• the logistics provider does not know the content of the shipment
• the payment layer does not contain the identity of the buyer
The only weaker point may be card payments, where the payment service provider may know who paid whom and for what product.
For this reason, from a privacy perspective we prefer Bitcoin and the Lightning Network, which do not create this type of link between identity and transaction.
In short:
Each part of the process knows only the minimum information required to perform its role.
Topic: Deeper Questions
Philosophy (last – for those who want to go deeper)
Is self-custody about secrets or structure?
Is self-custody about secrets or structure?
Most people assume that self-custody is mainly about hiding a secret.
In reality, it is much more about designing the right access structure.
The secret itself (a seed, key, or passphrase) is only one element of the system. Real security emerges from how information is divided, organized, and who has access to it.
A well-designed structure can ensure, for example, that:
• no single person has complete control
• different participants have different levels of access
• the system can be recovered after accidents or loss
• the security model can evolve without losing control
If security depends only on a single secret, the system is very fragile.
One mistake, loss, or compromise can break it.
But when security is built on an access structure, the system can remain functional even when parts of it fail.
This is why BUNKEROID is not based only on the idea of “storing a seed”, but on the idea of designing an access architecture.
In short:
Self-custody is not only about secrets.
It is about the structure that defines who, when, and how access to those secrets is possible.
Most people assume that self-custody is mainly about hiding a secret.
In reality, it is much more about designing the right access structure.
The secret itself (a seed, key, or passphrase) is only one element of the system. Real security emerges from how information is divided, organized, and who has access to it.
A well-designed structure can ensure, for example, that:
• no single person has complete control
• different participants have different levels of access
• the system can be recovered after accidents or loss
• the security model can evolve without losing control
If security depends only on a single secret, the system is very fragile.
One mistake, loss, or compromise can break it.
But when security is built on an access structure, the system can remain functional even when parts of it fail.
This is why BUNKEROID is not based only on the idea of “storing a seed”, but on the idea of designing an access architecture.
In short:
Self-custody is not only about secrets.
It is about the structure that defines who, when, and how access to those secrets is possible.
What is the difference between storing and recovering?
Storing and recovering are two different things that people often confuse.
Storing means writing the information down somewhere and putting it aside.
In the context of crypto, this usually means writing a seed on paper or engraving it on a metal plate.
But that does not automatically mean the system can be reliably recovered.
Recovery means being able to use that information again in a real situation and reconstruct access to your resources.
This involves much more than simply storing the data:
• who knows where the information is located
• who is allowed to use it
• in what order different parts are used
• what happens if part of the system is lost
• who will still understand the system years later
Many people have their seed stored, but have never actually tested the recovery process.
Only during a crisis do they discover that:
• part of the information is missing
• it is unclear which version is correct
• nobody knows how to reconstruct the system
That is why it is important to think about recovery architecture, not just storage.
BUNKEROID is designed to help organize the structure of recovery, not only the place where the information is written.
In short:
Storing means the information exists.
Recovery means you can actually use it again.
Storing means writing the information down somewhere and putting it aside.
In the context of crypto, this usually means writing a seed on paper or engraving it on a metal plate.
But that does not automatically mean the system can be reliably recovered.
Recovery means being able to use that information again in a real situation and reconstruct access to your resources.
This involves much more than simply storing the data:
• who knows where the information is located
• who is allowed to use it
• in what order different parts are used
• what happens if part of the system is lost
• who will still understand the system years later
Many people have their seed stored, but have never actually tested the recovery process.
Only during a crisis do they discover that:
• part of the information is missing
• it is unclear which version is correct
• nobody knows how to reconstruct the system
That is why it is important to think about recovery architecture, not just storage.
BUNKEROID is designed to help organize the structure of recovery, not only the place where the information is written.
In short:
Storing means the information exists.
Recovery means you can actually use it again.
Why do we work with the concept of epistemic boundaries?
Security is not only about what is stored, but primarily about what can be known by whom.
An epistemic boundary is the boundary between what can be inferred from information and what cannot be understood without additional context.
In traditional systems, the main problem is that information often exists as a single secret.
If that secret is exposed, the entire system becomes compromised.
The concept of epistemic boundaries approaches the problem differently.
Information is structured so that:
• individual parts do not carry complete meaning on their own
• different participants know different parts of the system
• meaning emerges only through the combination of structure and context
This means that even if someone sees part of the system, or even the entire physical carrier of the information, they may still not know:
• how the elements are interpreted
• what reconstruction rules are used
• which information is real and which is only a protective layer
We apply this principle directly to the manufacturing process of BUNKEROID.
The input structure of the data we receive for production is designed so that it never allows us to know the actual secrets of our customers.
We cannot know whether the engraved data represent a seed, a passphrase, or something entirely different. We also do not know the system architecture the customer intends to use.
At the same time, we do not know:
• the physical identity of the customer
• their geographic location
• or any personal data about them
Despite this lack of knowledge, we are still able to complete the entire manufacturing and delivery process.
This is a practical example of an epistemic boundary in action:
the system is designed so that it works without requiring knowledge of the secret itself.
BUNKEROID therefore does not operate only with the concept of a secret, but with the boundary between knowledge and non-knowledge.
Security does not arise only from hiding information.
It arises from the fact that information cannot be unambiguously interpreted without the correct context.
In short:
An epistemic boundary is the point where information stops being knowledge and becomes merely data without meaning.
An epistemic boundary is the boundary between what can be inferred from information and what cannot be understood without additional context.
In traditional systems, the main problem is that information often exists as a single secret.
If that secret is exposed, the entire system becomes compromised.
The concept of epistemic boundaries approaches the problem differently.
Information is structured so that:
• individual parts do not carry complete meaning on their own
• different participants know different parts of the system
• meaning emerges only through the combination of structure and context
This means that even if someone sees part of the system, or even the entire physical carrier of the information, they may still not know:
• how the elements are interpreted
• what reconstruction rules are used
• which information is real and which is only a protective layer
We apply this principle directly to the manufacturing process of BUNKEROID.
The input structure of the data we receive for production is designed so that it never allows us to know the actual secrets of our customers.
We cannot know whether the engraved data represent a seed, a passphrase, or something entirely different. We also do not know the system architecture the customer intends to use.
At the same time, we do not know:
• the physical identity of the customer
• their geographic location
• or any personal data about them
Despite this lack of knowledge, we are still able to complete the entire manufacturing and delivery process.
This is a practical example of an epistemic boundary in action:
the system is designed so that it works without requiring knowledge of the secret itself.
BUNKEROID therefore does not operate only with the concept of a secret, but with the boundary between knowledge and non-knowledge.
Security does not arise only from hiding information.
It arises from the fact that information cannot be unambiguously interpreted without the correct context.
In short:
An epistemic boundary is the point where information stops being knowledge and becomes merely data without meaning.
Is it better to protect the content or the meaning?
In traditional security models, most effort focuses on protecting the content.
That means trying to prevent anyone from accessing the information itself.
In practice, however, this model often fails.
Content can be exposed accidentally, through user error, or through physical access to the storage medium.
There is therefore another approach: protect the meaning, not the content.
This means the information itself may be visible, but without the correct context it does not carry a clear meaning.
Without understanding the system’s structure, it may be impossible to determine:
• which data are real
• which are only protective layers
• how the information should be interpreted
• what reconstruction rules are used
In such a case, the content itself stops being the critical element.
An attacker may see the data, but cannot interpret them correctly.
This principle lies behind many modern security architectures.
BUNKEROID is designed to operate precisely within this distinction.
It is not only about protecting the information itself, but about controlling who understands its meaning.
In short:
The content may be visible.
The meaning must remain controlled.
That means trying to prevent anyone from accessing the information itself.
In practice, however, this model often fails.
Content can be exposed accidentally, through user error, or through physical access to the storage medium.
There is therefore another approach: protect the meaning, not the content.
This means the information itself may be visible, but without the correct context it does not carry a clear meaning.
Without understanding the system’s structure, it may be impossible to determine:
• which data are real
• which are only protective layers
• how the information should be interpreted
• what reconstruction rules are used
In such a case, the content itself stops being the critical element.
An attacker may see the data, but cannot interpret them correctly.
This principle lies behind many modern security architectures.
BUNKEROID is designed to operate precisely within this distinction.
It is not only about protecting the information itself, but about controlling who understands its meaning.
In short:
The content may be visible.
The meaning must remain controlled.
What is knowledge management?
Knowledge management means systematically organizing knowledge and information so that it is available to the right people at the right time — while remaining inaccessible to those who should not have access to it.
It is not only about storing information.
It is about managing who knows what.
In the context of security, this includes for example:
• dividing information among multiple participants
• defining access rights
• establishing reconstruction rules for the system
• controlling who is able to interpret the information
• ensuring the system can be recovered even years later
An important aspect is that knowledge management works with the flow of knowledge, not just with raw data.
This means the system is designed so that:
• different participants hold different levels of knowledge
• no one possesses more information than necessary
• meaning emerges only through the combination of multiple elements
In cryptographic systems, this principle is especially important.
It is rarely safe for one person or one location to contain all the knowledge required to control the system.
BUNKEROID can therefore also be understood as a knowledge management tool for self-custody.
It helps organize:
• who knows the seed
• who knows the passphrase
• who understands the system structure
• and who is capable of performing recovery
In short:
Knowledge management is the practice of controlling who knows what — and who does not need to know.
It is not only about storing information.
It is about managing who knows what.
In the context of security, this includes for example:
• dividing information among multiple participants
• defining access rights
• establishing reconstruction rules for the system
• controlling who is able to interpret the information
• ensuring the system can be recovered even years later
An important aspect is that knowledge management works with the flow of knowledge, not just with raw data.
This means the system is designed so that:
• different participants hold different levels of knowledge
• no one possesses more information than necessary
• meaning emerges only through the combination of multiple elements
In cryptographic systems, this principle is especially important.
It is rarely safe for one person or one location to contain all the knowledge required to control the system.
BUNKEROID can therefore also be understood as a knowledge management tool for self-custody.
It helps organize:
• who knows the seed
• who knows the passphrase
• who understands the system structure
• and who is capable of performing recovery
In short:
Knowledge management is the practice of controlling who knows what — and who does not need to know.
Still have questions?
Ask and write anything you want. Let us know asap.
