Why 'Soulbound' is Meaningless Without Stealth Addresses

A public SBT is a permanent, queryable tag. It enables global reputation scoring, automated discrimination, and social graph reconstruction by any observer. This is the antithesis of privacy.

• Doxxing Vector: Link wallet activity to real-world identity.
• Sybil Attack Map: Exposes your entire network of accounts.
• Censorship Fuel: Enables blacklisting based on SBT holdings.

If your credit score or employment credential is publicly bound to your main wallet, any counterparty can demand its presentation for access. This creates mandatory disclosure, not voluntary proof.

• Loss of Agency: Cannot choose when or to whom to prove a claim.
• Extortion Risk: "Pay this ransom or we taint your public SBT."
• Forced Association: Your employer's SBT permanently brands your public financial life.

Stealth address protocols, like those proposed for EIP-5564 or used by Zcash, generate a unique, private receiving address for each transaction. SBTs must be issued to these one-time addresses to break the public link.

• Selective Disclosure: Prove SBT ownership via ZK-proofs, not by exposing your primary address.
• Unlinkable Receipt: Issuer cannot track your future activity.
• Mandatory for Adoption: No enterprise or government will use publicly-bound credentials.

The term implies an immutable bond to a 'soul' (identity), not to a publicly observable key. Current implementations bind to a key, which is not a soul. This is a fundamental category error.

• Key ≠ Identity: A wallet is a pseudonym, not a person.
• Privacy by Design: True soulbinding requires privacy-preserving primitives like semaphore or zkSNARKs.
• Architectural Failure: Public SBTs are a regression from the privacy norms of physical credentials.

Public SBTs create walled gardens of reputation. To use your credential across dApps (e.g., Aave, Compound), you must expose your global identity graph to each one, creating massive data leakage.

• Graph Poisoning: One corrupted dApp can pollute your entire on-chain reputation.
• No Compartmentalization: Cannot separate your DeFi identity from your social identity.
• Vendor Lock-in: Your value is trapped within a single, exposed identifier.

The solution is a shift from public NFTs to private, claim-based attestations. Frameworks like Iden3's zkCredentials or Sismo's ZK Badges use zero-knowledge proofs to allow users to prove properties (e.g., "KYC'd") without revealing the source SBT or their main address.

• Minimal Disclosure: Prove you hold a credential, not which one or where.
• Revocable & Portable: Attestations can be updated or revoked by the issuer.
• Composable Privacy: Enables private DeFi, governance, and access control.

A non-transferable token on a public ledger creates an immutable, linkable record of your affiliations, credentials, and social graph. This enables:\n- On-chain profiling by advertisers, employers, or malicious actors.\n- Sybil resistance becomes meaningless if identities are trivially observable and copyable.\n- ERC-4337 Account Abstraction wallets compound the issue by linking all actions to a single public identity.

Generate a one-time address for every transaction or interaction, decoupling activity from a public identity. This is the foundational primitive for private SBTs.\n- Aztec's zk.money demonstrated private DeFi with ~$150M shielded volume.\n- Zcash's zk-SNARKs provide ~2s proof generation for complete transaction privacy.\n- Without this, any "soul" is naked on-chain.

These protocols use zero-knowledge proofs to allow users to prove credentials (SBTs) without revealing the underlying source. This is the application layer for private souls.\n- Sismo ZK Badges use ZKPs to prove membership from private sources.\n- Semaphore enables anonymous signaling in groups with ~300k gas for proof verification.\n- They make SBTs useful without being exposed.

Optimism, Arbitrum, Base process transactions with full public metadata. Deploying SBTs here without a privacy overlay like Tornado Cash (risky) or Aztec Connect (deprecated) is negligent.\n- StarkNet and zkSync have ZK-native architectures but haven't prioritized private execution.\n- This infrastructure gap is why SBTs are currently a liability, not an asset.

For SBT-based economies (e.g., reputation-weighted lending), transactions must be private. This requires private smart contract state.\n- Nocturne Labs is building private accounts on EVM using ZK proofs.\n- FHE (Fully Homomorphic Encryption) projects like Fhenix and Zama enable computation on encrypted data, a potential future primitive.\n- Without this, SBT economies leak value and strategy.

The crypto industry is building permanent digital identity without the essential privacy substrate. This is architectural malpractice.\n- Vitalik's original SBT post emphasized privacy, but implementations ignore it.\n- The real builders are the stealth address and ZK identity teams, not the SBT minting platforms.\n- Until privacy is native, treat public SBTs as a toxic asset.

Every SBT mint and transfer is a permanent, on-chain link between a wallet and an identity. This creates a publicly queryable social graph for any entity (governments, employers, advertisers) to map and analyze.

• Doxxing by Default: A single deanonymization event (e.g., a CEX KYC leak) can expose a user's entire on-chain identity tapestry.
• Chilling Effects: Knowing affiliations are permanently public discourages participation in sensitive DAOs, health protocols, or political groups.

The very mechanisms designed to prove uniqueness (e.g., Gitcoin Passport, Worldcoin) become centralized honeypots of biometric and social data. The privacy trade-off is asymmetric.

• Centralized Correlators: Proof-of-personhood oracles become single points of failure for mass surveillance.
• Metadata Exploitation: Even if the SBT payload is encrypted, the minting event's metadata (timestamp, gas sponsor, associated contracts) provides rich correlation data.

Stealth address protocols (like EIP-5564, ZKSA, or Umbra) allow recipients to generate a fresh, one-time address for each transaction or attestation. The link to their primary identity is cryptographically hidden.

• Unlinkable Receipt: A user can receive an SBT to a stealth address, proving possession without publicly linking it to their main wallet.
• Selective Disclosure: Users can cryptographically prove specific credentials (e.g., "I am a DAO member") to a verifier without revealing their entire SBT portfolio.

Frameworks like Semaphore and ZK-proofs enable users to prove membership in a group or possession of a credential without revealing which specific SBT they hold.

• Anonymous Signaling: A DAO member can vote or signal anonymously, proving only that they are a member.
• Private Airdrops: Protocols can distribute tokens or rewards exclusively to SBT holders, without learning their identities or exposing the recipient list.

Public SBT graphs create perfect audit trails for regulators. This isn't theoretical—Tornado Cash sanctions set the precedent for targeting on-chain privacy infrastructure.

• Automated Compliance: Governments can mandate protocols to blacklist wallets based on SBT affiliations (e.g., members of a certain DAO).
• Liability by Association: Public SBTs could be used as evidence in lawsuits to establish control or association with an entity.

The ecosystem must build on privacy-native layers. Aztec, Zcash, and Mina Protocol demonstrate that private computation and state are possible. SBT standards must be designed for these environments first.

• Default Privacy: SBTs minted on a private L2 (like Aztec) have confidentiality built-in by default.
• Cross-Chain Privacy Bridges: Protocols like zkBridge must evolve to privately attest to SBT holdings across chains without revealing the holder's address.