Onchain Identity & Reputation
Building trust in a trustless world: the infrastructure of Web3 identity, reputation systems, and proof of personhood.
Table of Contents
What Is Onchain Identity?
Onchain identity is the infrastructure that allows you to prove who you are, what you've done, and what you're trusted to do—all without relying on a central authority. In traditional finance, your identity is verified and managed by institutions like banks, governments, and credit bureaus. In Web3, identity is decentralized, cryptographically verifiable, and composable.
An onchain identity isn't just your wallet address (though that's part of it). It's a constellation of credentials, attestations, and verifiable claims that build up over time. Did you participate in governance? That's recorded onchain. Did you receive an attestation from a protocol you trusted? That's permanent and portable. Did you pass KYC? A privacy-preserving proof of that can live onchain without exposing your personal data.
The core principle: identity should be portable, self-sovereign, and composable. You own your identity, not a platform. You can use it across many applications. Others can build on top of your identity layer without asking permission.
Key Concept: Decentralized Identifiers (DIDs)
A DID is a globally unique identifier that doesn't depend on any centralized registry. It's usually derived from cryptographic material (like a public key) and can be resolved to metadata about the identity. Your Ethereum address is a simple form of DID. More complex DIDs follow the W3C spec: did:ethereum:mainnet:0x1234...
Soulbound Tokens (SBTs)
Soulbound Tokens were introduced by Vitalik Buterin, Juan Benet, and Stani Kulechov in their 2022 paper "Decentralized Society: Finding Web3's Soul." After four years of refinement, SBTs have matured into a critical identity primitive in 2026.
An SBT is an NFT that can't be transferred, sold, or traded. Once you receive it, it's bound to your wallet (your "soul"). Unlike regular NFTs, SBTs have no market price—their value is entirely in what they represent: a verified claim about you.
Examples of SBTs you might hold in 2026:
- Education SBT: Proof you graduated from a university or completed a bootcamp
- Employment SBT: Issued by your employer as proof of work history
- Credential SBT: From auditors confirming your smart contract audit experience
- Governance SBT: Shows you participated in a DAO's governance above a threshold
- Lending/Repayment SBT: Proof you repaid DeFi loans (credit history onchain)
Technical Note: SBT Implementations
SBTs use non-transferable NFT standards (ERC-5192 on Ethereum). They live onchain, are cryptographically verifiable, and can be revoked by the issuer. Some protocols implement "recovery" via a multisig or trusted circle—if your wallet is compromised, your social recovery can transfer your SBTs to a new address.
The power of SBTs: they're permanent, portable, and programmable. A DeFi protocol can check if you hold an SBT proving past loan repayment, and offer you better terms. A DAO can weight voting power by how many governance SBTs you hold from respected protocols.
Ethereum Attestation Service (EAS)
EAS is the open protocol for making onchain attestations. Launched in 2023 and widely adopted by 2026, EAS is the plumbing layer that powers decentralized identity infrastructure across Ethereum and multiple L2s.
Think of EAS as a generic, permissionless way for anyone to issue cryptographically verifiable claims about anything (or anyone). An attestation is a signed statement from an attester about a subject. The attestation is stored onchain and can be verified by anyone.
Example flow:
- Polygon ID (a DID provider) issues an attestation: "Alice passed KYC on 2026-03-24"
- The attestation is submitted to EAS onchain on Ethereum mainnet
- The attestation gets a unique UID and is stored in the EAS contract
- A DeFi protocol queries EAS and sees the attestation, trusting that Alice can participate
- Alice can prove her KYC status to any other protocol using the same attestation UID
Schema-Based Attestations
EAS uses schemas to define what an attestation contains. A schema might specify: "This attestation contains a boolean (passed_kyc) and an address (approved_jurisdiction)." Anyone can create a new schema, and anyone can issue attestations following that schema. This is composable identity infrastructure.
EAS is deployed on Ethereum mainnet, Arbitrum, Optimism, Base, Polygon, Sepolia (testnet), and other chains. By 2026, major identity providers have standardized around EAS as the attestation layer, making identity claims interoperable across protocols and chains.
Proof of Personhood: Biometrics & Social Proofs
One of the hardest identity problems in Web3 is Sybil resistance: proving that you're one person, not many accounts controlled by the same entity. Proof of personhood is the answer.
Several approaches have emerged by 2026:
Worldcoin / World ID
Worldcoin scans your iris with a specialized hardware device (an "Orb") and creates a zero-knowledge proof that you're a unique human without revealing which human you are. You get a World ID credential that you can use onchain to prove personhood.
By 2026, Worldcoin has 15M+ verified humans and operates in 150+ countries. The World ID is the most widely adopted biometric proof of personhood in crypto.
Gitcoin Passport
Gitcoin Passport takes a different approach: it's a composable identity score built from multiple "stamps"—verified claims from different sources. Connect your GitHub, Twitter, Discord, or pass a Worldcoin scan, and each adds a stamp to your passport. The more diverse your stamps, the higher your Sybil resistance score.
By 2026, Gitcoin Passport scores are used in governance voting, airdrop eligibility, and DeFi access control. It's the standard for permissionless identity verification in Ethereum governance.
BrightID, Sproul, & Social Verification
BrightID uses a social graph approach: you prove you're unique by connecting with friends who've already verified their uniqueness. Sproul uses AI and behavior analysis. These are less invasive than biometrics but less cryptographically certain.
The 2026 consensus: use multiple proof methods together. World ID + Gitcoin Passport + social graph creates robust Sybil resistance for high-value governance or lending decisions.
Privacy-Preserving Proofs
Worldcoin's iris scan is converted to a zero-knowledge proof—no personal biometric data is stored onchain. Gitcoin Passport scores can be proven without revealing which stamps you hold. The goal: prove you're human/unique without exposing your identity.
Real-World Use Cases in 2026
Undercollateralized DeFi Lending
Normally, DeFi lending requires you to put up collateral worth more than the loan (overcollateralization). With onchain identity, you can prove your credit history. If your SBTs show you've repaid 100 loans on Aave, a protocol might lend you 2x your collateral. Your identity is collateral.
Sybil-Resistant Governance
DAOs now gate voting power by Gitcoin Passport score. You need a minimum score to vote, preventing one person from creating 100 accounts to control governance. By 2026, most governance protocols weight voting by identity strength, not just token holdings.
Airdrop Eligibility & Community Building
Protocols distribute airdrops only to users meeting identity thresholds (Gitcoin Passport score > 20, or World ID verified). This filters bots and increases the chance the tokens go to genuine community members. By 2026, governance airdrops are nearly 100% gated by identity.
Onchain Hiring & Resumes
Your identity is an onchain resume. Completed a Crypto Bootcamp? SBT from the bootcamp provider. Audited 50+ smart contracts? SBT from Trail of Bits or OpenZeppelin. Passed a Solidity exam? SBT from Certora. Job-seeking developers show their identity stack to find roles; DAOs hire based on verifiable credentials instead of GitHub or resumes.
Sanction Compliance & KYC at Scale
Protocols issue attestations: "This address passed KYC and is not on OFAC sanctions list." One KYC check (costly) can be proven to many protocols via EAS. By 2026, institutional DeFi uses identity attestations for compliance, not sending KYC details to each protocol.
Key Protocols & Platforms Comparison
By 2026, these are the dominant identity and attestation platforms:
| Protocol | Type | How It Works | Use Cases |
|---|---|---|---|
| Ethereum Attestation Service (EAS) | Attestation Layer | Permissionless onchain attestations via schemas | All identity operations |
| Worldcoin / World ID | Biometric PoP | Iris scanning + ZK proof | Sybil resistance, airdrops |
| Gitcoin Passport | Composable Score | Multiple verification stamps (GitHub, Twitter, biometric) | Governance, airdrops, lending |
| Polygon ID | DID Provider | Polygon's DID with VC support, KYC/AML | KYC, issuing credentials |
| Galxe / Layer3 | Credential/Quest Platform | Gamified identity building via quests and achievements | Community building, airdrops |
| BrightID | Social Graph PoP | Social connections + contextual review | Sybil resistance via social |
In 2026, best practice is to combine these. Use EAS as your attestation infrastructure, Gitcoin Passport + World ID for Sybil resistance, and Polygon ID for institutional KYC. Galxe for engagement and community identity-building.
Risks & Challenges
Privacy Concerns
Even with zero-knowledge proofs, storing identity attestations onchain creates a permanent record. If you prove you're in a sanctioned country or failed KYC, that could be used against you in the future. Privacy-preserving tech is improving (ZK proofs, encrypted attestations) but is still immature. Balance identity utility with privacy risk.
Centralization of Identity Providers
Worldcoin, Gitcoin, and Polygon ID are still centralized companies. If Worldcoin's iris database is breached, millions of users' biometric data could be exposed. If Gitcoin Passport goes down, DAOs can't verify members. Decentralized alternatives exist but lack scale. Diversify your identity across providers.
Attestation Spam & Manipulation
Since anyone can issue EAS attestations, bad actors can create fake credentials. "Alice passed security audit"—said by a bot, not a real auditor. Applications need careful off-chain verification of attesters and inclusion of trusted attesters in their logic. By 2026, protocols maintain "trusted attester lists" onchain, but this reintroduces centralization.
Composability Challenges
If you use your Gitcoin Passport for governance voting, what happens when the scoring algorithm changes? Your "identity" becomes unstable. Cross-protocol identity composition is still fragile. Revocations of attestations can break downstream applications. Standards and best practices are still being defined in 2026.
Adoption & Friction
Onchain identity still requires significant user friction. Getting World ID verified requires finding an Orb. Connecting Gitcoin stamps takes effort. By 2026, adoption is 50M+ users (mostly in governance and airdrop use cases) but is still far from mainstream. Many crypto users still haven't set up an identity.
Regulatory Uncertainty
Governments haven't fully clarified the legal status of onchain attestations, SBTs, or identity credentials. Is an attestation a financial product? A regulated credential? By 2026, the regulatory landscape is still uncertain, and major institutions are cautious.
Frequently Asked Questions
Q: Will onchain identity replace traditional KYC?
Not fully, but it will supplement it. Onchain KYC attestations are cheaper and more reusable than traditional KYC, so more applications will accept them. By 2030, most of crypto will use onchain KYC, but traditional institutions will still require government-issued ID for banks.
Q: Can I hide my identity if I have onchain credentials?
Yes, but with trade-offs. You can create a new wallet and not connect it to your main identity. Or use privacy-preserving proofs (ZK) to prove credentials without revealing the wallet. However, if you want the social/reputational benefits of your identity, you need to link it publicly.
Q: What if I lose access to my wallet holding my SBTs?
Some protocols offer social recovery: a multisig of friends can approve a new wallet to receive your SBTs. Others allow re-issuance if you re-verify. Most SBT systems are still building recovery mechanisms. By 2026, best practice is to use a hardware wallet or multisig to secure your identity wallet.
Q: How do I get started with onchain identity in 2026?
Step 1: Connect to Gitcoin Passport and add stamps (free). Step 2: If you can, get World ID verified (takes 5 min at an Orb). Step 3: Connect your identity to protocols you use (Aave, OpenGov, etc.). Step 4: Look for airdrops and governance opportunities gated by identity.
Q: What's the difference between SBTs and regular NFTs with metadata?
SBTs are non-transferable—you can't sell them. They're also revocable by the issuer. This prevents identity market speculation and ensures credentials can't be stolen and resold. Regular NFTs are tradeable, so they're better for art or collectibles, not credentials.
Related Articles
The Identity Layer Arrives
By 2026, onchain identity is no longer theoretical. It's built, deployed, and being used by millions of people for governance, lending, and airdrops. Soulbound Tokens are a standard primitive. Ethereum Attestation Service is the infrastructure. Proof of personhood is practical.
What's not yet mature: cross-chain identity, privacy-preserving computation at scale, regulatory clarity, and truly decentralized identity providers. But the foundation is solid.
Start building your onchain identity today. Connect to Gitcoin Passport. Get verified on World ID. Earn SBTs from protocols you use. Your reputation—built transparently and owned by you—is the future of trust in crypto.