Every credential in the physical world is soulbound. Your university diploma cannot be sold on eBay. Your driver’s license cannot be transferred to your cousin. Your professional certifications, your military service record, your citizenship, these documents are bound to you, not to a bearer. The digital world, until recently, had no equivalent. NFTs could represent anything, but they could be transferred to anyone, making them useless as credentials. Soulbound Tokens change this by introducing a primitive that the blockchain ecosystem lacked from inception: non-transferable proof of experience, achievement, and affiliation.
The concept was formalized in a May 2022 paper by Vitalik Buterin, Glen Weyl, and Puja Ohlhaver titled “Decentralized Society: Finding Web3’s Soul.” The paper proposed Soulbound Tokens as the building blocks of a “Decentralized Society” (DeSoc) where social identity, reputation, and credentials are represented on-chain without relying on centralized institutions. The vision was ambitious. The privacy implications were, and remain, deeply problematic.
What Soulbound Tokens Are
A Soulbound Token is an NFT that cannot be transferred once received. It is minted to a specific wallet address (a “Soul” in the paper’s terminology) and remains there permanently. The holder cannot sell it, gift it, or move it to another address. The issuer may retain the ability to revoke it, but the holder cannot voluntarily part with it.
The technical implementation is straightforward. SBTs are ERC-721 or ERC-1155 tokens with the transfer function disabled or restricted. The EIP-5192 standard (“Minimal Soulbound NFTs”) defines a simple interface:
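```solidity
interface IERC5192 {
    /// Emitted when a token becomes locked (non-transferable).
    event Locked(uint256 tokenId);
    /// Emitted when a token becomes unlocked (transferable again).
    event Unlocked(uint256 tokenId);
    /// Returns true if `tokenId` is currently locked.
    function locked(uint256 tokenId) external view returns (bool);
}
```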
When a token is locked, transfer functions revert. The token exists. It can be read. It can be verified. But it cannot move.
Several additional standards have emerged: EIP-4973 (“Account-bound Tokens”) provides a consent-based minting mechanism where the recipient must sign to accept the token. EIP-6239 (“Semantic Soulbound Tokens”) adds structured metadata for credential semantics. The ecosystem is fragmented across these standards, but the core property, non-transferability, is consistent.
Use Cases: Where SBTs Make Sense
The original DeSoc paper proposed SBTs for a wide range of applications. The most credible use cases share a common property: they represent relationships or achievements that are inherently non-transferable.
Educational Credentials
A university degree is meaningful because it represents four years of a specific person’s work. An SBT representing a degree from ETH Zurich would be verifiable on-chain, impossible to forge (the issuing institution’s wallet signs the mint transaction), and impossible to buy from someone else. As of 2025, MIT’s Digital Credentials Consortium and several European universities have piloted on-chain credential issuance, though most use verifiable credentials rather than SBTs specifically.
Professional Certifications
Medical licenses, legal bar admissions, engineering certifications. These credentials are already non-transferable in the physical world. SBTs make them digitally verifiable without contacting the issuing authority. A hospital could verify a surgeon’s board certification by reading an on-chain SBT rather than calling the certification board and waiting three weeks for a letter.
Proof of Attendance and Participation
POAPs (Proof of Attendance Protocol tokens) are already one of the most popular use cases for SBT-like tokens. Over 8 million POAPs have been minted, representing attendance at events, participation in governance votes, and completion of educational courses. While standard POAPs are transferable, soulbound POAPs eliminate the secondary market for participation proof.
DAO Membership and Governance
SBTs can represent DAO membership in a way that prevents governance attacks. If voting tokens are transferable, an attacker can temporarily acquire a majority stake, pass a malicious proposal, and sell the tokens. If governance credentials are soulbound, voting power is tied to genuine membership rather than capital.
Credit and Reputation
The DeSoc paper’s most provocative proposal: using SBTs to represent credit history, enabling under-collateralized lending in DeFi based on on-chain reputation rather than locked assets. If a borrower’s repayment history is represented as SBTs from previous lenders, new lenders can assess creditworthiness without a centralized credit bureau. The concept is compelling. The privacy implications are staggering.
The Privacy Problem
This is where the SBT narrative fractures. Every advantage of SBTs as verifiable credentials creates a corresponding privacy catastrophe.
The Permanent Record Problem
SBTs are on-chain. Blockchain data is permanent and public. An SBT representing a medical condition, a criminal record, a bankruptcy, or a political affiliation creates a permanent, public, non-removable binding between a wallet address and sensitive personal information.
The DeSoc paper acknowledged this: “SBTs represent commitments, credentials, and affiliations of Souls. Without privacy, SBTs risk becoming a dystopian tool for social scoring.” The paper proposed using zero-knowledge proofs to enable private SBTs, but the actual deployed SBT ecosystem has largely ignored this recommendation.
As of early 2026, the vast majority of SBT implementations are fully public. Your employer’s SBT, your university’s SBT, your medical credential’s SBT, all publicly readable by anyone who knows your wallet address. Combined with the ENS resolution of that address (if the user has an ENS name), this creates a comprehensive, public, irrevocable dossier.
The Composition Attack
Individual SBTs may be innocuous. “Attended ETH Denver 2025.” “Holds a Solidity certification.” “Member of ClimateDAO.” But the composition of multiple SBTs creates a fingerprint. Research from Cornell published in 2024 demonstrated that as few as 4-5 public SBTs are sufficient to uniquely identify an individual within a dataset of 10,000 wallets with over 97% accuracy. The more SBTs a Soul accumulates, the more identifiable they become.
This is the same composition attack that plagues decentralized identifiers with multiple verifiable credentials, but worse, because SBTs are public by default and permanent by design. A verifiable credential stored in a private identity wallet is at least hidden until the holder chooses to present it. An SBT is visible to the entire network at all times.
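The shrinking anonymity set described above can be measured before an issuer decides to mint a credential publicly. This is an added example, not code from the DeSoc paper or the cited research; the wallet addresses, token names and `HOLDINGS` data are constructed, and the function names are hypothetical.

```python
from typing import Dict, List, Set

# Constructed sample: wallet -> public SBTs. Addresses and token names are made up.
HOLDINGS: Dict[str, Set[str]] = {
    "0xA1": {"ETHDenver2025", "SolidityCert", "ClimateDAO", "UniDegree"},
    "0xB2": {"ETHDenver2025", "SolidityCert"},
    "0xC3": {"ETHDenver2025", "ClimateDAO"},
    "0xD4": {"ETHDenver2025"},
    "0xE5": {"SolidityCert", "ClimateDAO"},
    "0xF6": {"ETHDenver2025", "SolidityCert", "ClimateDAO"},
}


def anonymity_set(holdings: Dict[str, Set[str]], known: Set[str]) -> List[str]:
    """Wallets consistent with an observer who knows the subject holds `known`."""
    return sorted(w for w, sbts in holdings.items() if known <= sbts)


def shrinkage(holdings: Dict[str, Set[str]], disclosed: List[str]) -> List[int]:
    """Anonymity-set size after each additional SBT becomes known, in order."""
    known: Set[str] = set()
    sizes = []
    for sbt in disclosed:
        known.add(sbt)
        sizes.append(len(anonymity_set(holdings, known)))
    return sizes


def below_k(holdings: Dict[str, Set[str]], k: int) -> List[str]:
    """Wallets whose full public SBT set leaves fewer than k candidates."""
    return sorted(
        w for w, sbts in holdings.items()
        if len(anonymity_set(holdings, sbts)) < k
    )


if __name__ == "__main__":
    order = ["ETHDenver2025", "SolidityCert", "ClimateDAO", "UniDegree"]
    print("set size per added SBT:", shrinkage(HOLDINGS, order))
    print("wallets below k=3:", below_k(HOLDINGS, 3))
```

An issuer can run the same check against its own recipient list: any wallet returned by `below_k` would be singled out, or nearly so, by the combination of tokens it already holds plus the one about to be minted.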
The Social Coercion Problem
If SBTs represent reputation, social credit, or professional standing, there is immense pressure on individuals to accumulate and display them. Employers might require candidates to share their wallet address to verify SBT-based credentials. Landlords might check for financial reputation SBTs. Social platforms might rank users by their SBT collection.
This is not speculative. In China’s social credit system, reputation scores are used to restrict access to transportation, education, and housing. SBTs create the infrastructure for a decentralized version of the same system, operated not by a government but by the emergent behavior of thousands of independent applications each reading the same public on-chain data.
The Tension Between Attestation and Anonymity
The fundamental tension in SBTs is between their two most valuable properties: verifiability and privacy. A credential is useful because it can be verified. But verification requires disclosure, and disclosure erodes privacy.
The DeSoc paper proposed several technical approaches to reconcile this tension:
Zero-Knowledge SBTs
Instead of publishing SBT data on-chain, the SBT could contain a commitment (a cryptographic hash) to the credential data. When the holder needs to prove a specific property, they generate a zero-knowledge proof demonstrating the property without revealing the credential’s contents. “I hold a degree from a top-20 university” without revealing which university. “I have a credit score above 700” without revealing the exact score.
This approach is technically sound but dramatically more complex to implement. It requires ZK circuit development for each credential type, a trusted setup or universal setup ceremony, and client-side proof generation that is computationally expensive. Projects like Semaphore and Zupass are building infrastructure for ZK-based credential proofs, but mainstream SBT implementations have not adopted these approaches.
Off-Chain SBTs with On-Chain Verification
A hybrid model stores SBT data off-chain (encrypted, accessible only to the holder) while maintaining an on-chain verification root. The holder can selectively disclose specific SBTs or properties to specific verifiers. The on-chain component provides a tamper-evident anchor; the off-chain component provides privacy.
This approach effectively converges SBTs with the verifiable credentials model. The question becomes: if the SBT data is stored off-chain and disclosed selectively, what advantage does the SBT model have over W3C Verifiable Credentials? The answer is weak: SBTs provide a visible signal of credential existence (though not content) on-chain, which has social signaling value but limited privacy value.
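One way to build the hybrid model described above is a Merkle tree over salted credential hashes: only the root would be anchored on-chain, and the holder reveals one claim with its salt and sibling path. This is an added example, not code from the paper or any named project; the claim strings and function names are hypothetical, and this is plain selective disclosure, not a zero-knowledge proof.

```python
import hashlib
import os
from typing import List, Tuple


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf(claim: str, salt: bytes) -> bytes:
    # The salt stops a verifier from guessing low-entropy claims from the hash.
    # The 0x00 / 0x01 prefixes keep leaf and inner-node hashes distinct.
    return _h(b"\x00", salt, claim.encode())


def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]  # pair an odd last node with itself
        levels.append([_h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def commit(claims: List[str]):
    """Holder side: returns (root to anchor, per-claim salts, tree levels)."""
    salts = [os.urandom(16) for _ in claims]
    levels = build_levels([leaf(c, s) for c, s in zip(claims, salts)])
    return levels[-1][0], salts, levels


def prove(levels: List[List[bytes]], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling path for one leaf; the bool is True when the sibling is on the right."""
    path = []
    for level in levels[:-1]:
        if index % 2 == 0:
            sib = level[index + 1] if index + 1 < len(level) else level[index]
            path.append((sib, True))
        else:
            path.append((level[index - 1], False))
        index //= 2
    return path


def verify(root: bytes, claim: str, salt: bytes, path: List[Tuple[bytes, bool]]) -> bool:
    """Verifier side: recompute the root from the single disclosed claim."""
    node = leaf(claim, salt)
    for sib, sib_is_right in path:
        node = _h(b"\x01", node, sib) if sib_is_right else _h(b"\x01", sib, node)
    return node == root
```

The verifier learns the disclosed claim in full and nothing about the other leaves beyond the tree depth. The root is still a stable identifier, so two verifiers shown the same root can link the presentations, which is the gap the zero-knowledge variant closes.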
Burn-and-Reissue
For SBTs that need to be updated or removed, a pattern has emerged: the issuer burns (destroys) the existing SBT and mints a new one. This allows credential revocation and update, but the burn transaction itself is public. An observer can see that a credential was revoked, which may be just as sensitive as the credential itself. A revoked medical credential, for instance, signals a professional failure.
Adoption Metrics
SBT adoption has been uneven across the proposed use cases:
- POAPs and event credentials remain the dominant use case, with over 8 million tokens minted across 80,000+ events. These are low-stakes credentials where privacy is not critical.
- Governance credentials have seen adoption in approximately 200 DAOs, primarily for Sybil-resistant voting. Gitcoin Passport, while not technically using SBTs, implements a similar soulbound credential model for grant funding distribution.
- Professional and educational credentials have seen limited mainnet adoption. Fewer than 50 institutions issue on-chain credentials, and most use verifiable credential standards rather than SBTs.
- Credit and reputation SBTs remain largely theoretical. No major DeFi protocol has implemented SBT-based credit scoring in production, partly due to privacy concerns and partly due to the legal complexity of on-chain credit data.
The adoption pattern is telling. SBTs succeed where privacy stakes are low (event attendance, DAO membership) and struggle where privacy stakes are high (education, employment, finance). This suggests that the SBT model, as currently implemented, is fundamentally misaligned with use cases that involve sensitive personal data.
SBTs vs. Verifiable Credentials
The comparison between SBTs and W3C Verifiable Credentials is essential for understanding where each model fits.
| Property | Soulbound Tokens | Verifiable Credentials |
|---|---|---|
| Storage | On-chain (public by default) | Off-chain (private by default) |
| Disclosure | Always visible | Selective disclosure |
| Privacy | Requires ZK overlay | Privacy-preserving by design |
| Interoperability | Limited to EVM chains | Cross-chain, cross-platform (W3C standard) |
| Revocation | Burn transaction (public) | Status list (can be private) |
| Composability | DeFi-native, readable by smart contracts | Requires off-chain verification |
| Social Signal | Visible collection | Hidden unless presented |
The critical advantage of SBTs is composability with smart contracts. A DeFi protocol can read an SBT directly from the blockchain and make automated decisions based on its presence. A verifiable credential cannot be read by a smart contract without an oracle or on-chain verification step. For applications that need automated, trustless credential verification, SBTs offer a capability that VCs do not.
The critical advantage of VCs is privacy. Credential data is stored by the holder, not on a public blockchain. The holder decides what to share, with whom, and when. For applications aligned with self-sovereign identity principles, VCs are the more coherent choice.
Implications for Stealth Cloud
Stealth Cloud’s architecture is built on the principle that user data should never exist on servers in readable form. SBTs, as currently implemented, violate this principle by design. They publish credential data to a public blockchain where it is permanently and universally readable.
However, the underlying concept, non-transferable proof of attributes, is valuable for privacy infrastructure. A GhostPass user might want to prove they hold a specific credential without revealing their identity. The technology for this exists: ZK proofs derived from SBTs or verifiable credentials, verified against on-chain commitments, revealing nothing beyond the proven property.
The implementation matters more than the standard. A soulbound token that publishes “Alice holds a PhD from MIT” to a public blockchain is a privacy failure. A ZK proof derived from a soulbound credential that proves “the holder has a graduate degree” without revealing the holder’s identity, the institution, or the specific degree is a privacy achievement. The difference is not the token. It is the disclosure architecture built around it.
The question for builders is not “SBTs or VCs?” It is “What is the minimum disclosure necessary for this interaction, and which technology enforces that minimum?” If the answer is zero disclosure beyond a boolean property, ZK proofs are required regardless of whether the underlying credential is an SBT or a VC. If the answer is full public disclosure, SBTs work and VCs are unnecessary overhead.
For Stealth Cloud, the answer is almost always minimum disclosure. Users proving they are authorized to access a service. Users proving they are not on a sanctions list. Users proving they are human. None of these proofs require publishing a permanent credential to a public blockchain. All of them can be achieved with zero-knowledge techniques that leave no trace.
The Stealth Cloud Perspective
Soulbound Tokens name an important concept, non-transferable digital credentials, but the dominant implementations betray the concept’s potential by publishing private data to public blockchains. The right answer is not to abandon non-transferable credentials. It is to build them on zero-knowledge infrastructure where the proof is public but the data never is. Credentials should be soulbound. They should not be publicly exhibited.