“Soulbound” NFTs have attracted attention recently, with Ethereum founder Vitalik Buterin being one notable proponent. The concept of a soulbound NFT is derived from the online multiplayer game World of Warcraft. In the game, users are able to obtain high-level weapons and accessories that cannot be traded or exchanged but are instead tied to the user’s account, thus they are “soulbound.”
This concept has been adopted and applied to Web3, mainly for identification purposes. Soulbound tokens cannot be transferred once created or acquired. They are held in wallets known as Souls. Soulbound tokens can be considered permanent attributes or traits that define the “soul” of an account.
The fact that soulbound tokens cannot be exchanged or sold proves that the user is “entitled” to the relevant token. Soulbound tokens could represent medical records, education certificates, criminal records, or even know-your-client/customer (KYC) records. Since different soulbound tokens each have unique functions, users can also separate their tokens among various Souls based on function. For example, they may have one Soul for medical records and another for exchange information and KYC details.
An early implementation of soulbound tokens is the Binance Account Bound (BAB) token. This acts as a form of verification on the BNB Chain for Binance users that have completed KYC. These tokens can also be used for identity verification for other projects without undergoing the same KYC process again. These soulbound NFTs could help regulate token sales, airdrops, voting on governance proposals, and more. With the increased emphasis placed on compliance and regulation, soulbound tokens aim to address these issues while bringing back greater control and access to users.
Soulbound tokens can allow for greater security with regards to user verification. Sybil attacks can be reduced by soulbound tokens that verify unique users are who they claim to be, eliminating the risk of fake users and imposters. Unlike traditional systems, users would also be able to control access to their data to set the visibility of soulbound tokens so that they can control when, with whom, and what details of their information are shared.
Security issues related to soulbound tokens still need to be addressed. Since these tokens are immutable and act as identifiers for individuals on the blockchain, a high level of security is required on both the wallet and token levels. If a user loses access to their wallet, whether due to a hack or the loss of their wallet keys, the result could be disastrous. Proper safeguards are necessary to ensure that user data is safe and can only be accessed by authorized users. Vitalik Buterin discussed a possible solution to the loss of soulbound tokens in his initial whitepaper on the topic, which would allow owners of Soul to appoint “guardians” that have the right to recover an account when required. Greater standardization and review processes for both tokens and wallets are required to ensure that the necessary security features are implemented.
Certain aspects of soulbound tokens still need to be clearly defined for usage to be possible. There is yet to be a standard on the level of privacy available in relation to user data that can be publicly verified and accessed. As described in EIP-5114: Soulbound Badge, soulbound tokens refer to a persona rather than a specific individual. It should not be assumed that there is only one person behind any persona. More work needs to be done in this area to define how soulbound tokens can be granularized and standardized to represent characteristics of only one individual. Greater control given back to the user can alleviate fears that use of the soulbound token will result in censorship and control by centralized entities.
The concept of soulbound tokens is still a new one, and several issues need to be resolved before they will be ready for mainstream use. Greater security must be a preeminent concern, as it will allow for greater trust and adoption of soulbound tokens, bringing manageable identity and data privacy to the blockchain.