What is a soulbound token?

A soulbound token (SBT) is a non-transferable token that represents commitments, credentials, or affiliations of a specific wallet (“soul”). The term was coined in a May 2022 paper by Vitalik Buterin, Glen Weyl, and Puja Ohlhaver titled “Decentralized Society: Finding Web3’s Soul.” Unlike standard NFTs, SBTs cannot be sold or transferred — they’re permanently bound to the wallet that received them.

Use cases

Five primary applications. (1) Credentials — university degrees, professional certifications, professional licenses. (2) Memberships — DAO membership, community access tokens. (3) Attestations — KYC verification, accreditation status. (4) Reputation — on-chain history that follows the wallet. (5) Soulbound finance (SoulFi) — undercollateralised lending based on credit-history SBTs.

Technical implementations

Several standards have emerged. (1) ERC-5114 — non-transferable token tied to specific NFTs. (2) ERC-5484 — minimal soulbound token standard. (3) Verifiable Credentials — W3C standard often combined with SBTs. (4) Privacy-preserving SBTs — using ZK proofs to verify credential properties without revealing the credential itself.

Challenges and critiques

Three structural concerns. (1) Privacy — permanent on-chain credentials create privacy risk if linkable to real-world identity. (2) Revocability — credentials may need to be revocable (revoked licenses, expired memberships), which conflicts with their “permanent” nature. (3) Wallet portability — if a user loses access to a wallet, its SBTs are lost; some implementations include guardian-based recovery.
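
The non-transferability, issuer revocation and guardian-based recovery described above, modelled off-chain in Python as an added example (not code from any SBT standard or project). The SoulboundRegistry class, its method names and the 2-of-n guardian threshold are assumptions made for illustration.

```python
class SoulboundRegistry:
    """Off-chain model of one issuer's SBT ledger (hypothetical design)."""

    def __init__(self, issuer, threshold=2):
        self.issuer, self.threshold = issuer, threshold
        self.owner = {}       # token_id -> wallet ("soul") currently bound
        self.guardians = {}   # token_id -> guardians named at issuance
        self.revoked = set()  # token ids burned by the issuer
        self.votes = {}       # (token_id, new_wallet) -> guardians approving

    def issue(self, caller, token_id, soul, guardians):
        if caller != self.issuer:
            raise PermissionError("only the issuer may issue")
        if token_id in self.owner or token_id in self.revoked:
            raise ValueError("token id already used")
        if len(set(guardians)) < self.threshold:
            raise ValueError("fewer guardians than the recovery threshold")
        self.owner[token_id] = soul
        self.guardians[token_id] = frozenset(guardians)

    def transfer(self, caller, token_id, to):
        # Non-transferability: no holder-initiated path moves a token.
        raise PermissionError("soulbound: transfers are disabled")

    def revoke(self, caller, token_id):
        if caller != self.issuer:
            raise PermissionError("only the issuer may revoke")
        del self.owner[token_id]  # KeyError if unknown or already revoked
        self.revoked.add(token_id)
        self._clear_votes(token_id)

    def is_valid(self, token_id, soul):
        return self.owner.get(token_id) == soul

    def approve_recovery(self, guardian, token_id, new_soul):
        """Record one guardian approval; rebind once the threshold is met."""
        if token_id not in self.owner:
            raise KeyError("unknown or revoked token")
        if guardian not in self.guardians[token_id]:
            raise PermissionError("not a guardian for this token")
        votes = self.votes.setdefault((token_id, new_soul), set())
        votes.add(guardian)  # a set, so a repeated approval counts once
        if len(votes) < self.threshold:
            return False
        self.owner[token_id] = new_soul
        self._clear_votes(token_id)  # stale approvals must not be replayable
        return True

    def _clear_votes(self, token_id):
        self.votes = {k: v for k, v in self.votes.items() if k[0] != token_id}
```

Recovery is the only path that rebinds a token, so the guardian set and threshold become the effective security boundary of the credential.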

Regulatory implications

SBTs handling personal data (KYC, credentials) face KVKK Article 5 (lawful processing) and GDPR Article 6 considerations. The “permanent” aspect potentially conflicts with the KVKK Article 7 right to deletion. Privacy-preserving SBT implementations using ZK proofs offer GDPR/KVKK-friendly architectures.

Türkiye context

For Turkish Web3 builders, SBTs offer interesting applications in professional licensing (law, medicine, engineering), university credential portability, and DAO membership infrastructure. However, integration with Turkish regulatory frameworks (BDDK KYC requirements, KVKK personal data protection) requires careful design — particularly privacy-preserving implementations.

Related: Decentralized Identity, NFT, Account Abstraction.