
Blockchain Loyalty: Beyond the Hype Cycle

NFTs are not dead; they are just invisible. A technical guide to Tokengated Commerce, Wallet-Connect Auth (SIWE), and Soulbound Loyalty.

Alex B.

In 2021, “Web3” was a casino. Brands sold JPEGs of monkeys for $1M. In 2025, the casino is closed. But the technology remains. And the technology—Cryptographic Ownership—is the most potent loyalty mechanism ever invented.

Traditional Loyalty programs (Miles, Points) are “Walled Gardens”.

  • Your Starbucks stars are trapped in the Starbucks app.
  • Your Airline miles effectively expire when the airline changes the table.

Blockchain Loyalty is “Open Air”. If a customer owns a “VIP Token” (NFT), they hold it in their wallet. They can sell it. They can trade it. Crucially, Other Brands can recognize it. “If user holds a Nike NFT -> Give 10% Off at Spotify.” This is Composable Loyalty.

At Maison Code Paris, we build the infrastructure that makes this invisible. We hide the blockchain behind smooth UX.

Why Maison Code Discusses This

We are not crypto-bros. We are engineers. We see Blockchain as a Public Database with Property Rights. For Luxury Brands, proving “Authenticity” and “Ownership” is the core value proposition. If you buy a Hermes bag, the “Certificate of Authenticity” is a piece of paper. It can be forged. A Token on the blockchain cannot be forged. We help brands bridge the gap between Physical Luxury and Digital Ownership.

1. The Architecture: Tokengating

How do we enable a product on Shopify based on the contents of a crypto wallet? We do not ask users to “Send 0.1 ETH”. That is friction. We use Tokengating.

  1. Challenge: The Shopify storefront asks the user to “Prove Ownership”.
  2. Signature: The User signs a message with their Private Key (FaceID on Rainbow Wallet). “I control address 0x123…”.
  3. Verification: The Backend verifies the signature cryptographically.
  4. Query: The Backend asks the Blockchain (via Alchemy/Infura): “Does 0x123 own the VIP Token?”
  5. Grant: If Yes, we inject a session cookie vip=true.

The “Sign-In With Ethereum” (SIWE) Flow

We use the standard EIP-4361.

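// app/routes/api.auth.tsx (Remix Action)
import { json } from '@remix-run/node';
import { Alchemy, Network } from 'alchemy-sdk';
import { SiweMessage } from 'siwe';
// App-specific session helpers (module path is an assumption)
import { getSession, createUserSession } from '~/session.server';

const alchemy = new Alchemy({
  apiKey: process.env.ALCHEMY_API_KEY, // env var name is an assumption
  network: Network.ETH_MAINNET, // use the network the contract is deployed on
});

export async function action({ request }) {
  const { message, signature } = await request.json();
  // Load the server-side session that holds the nonce issued for this login
  const session = await getSession(request.headers.get('Cookie'));

  // 1. Reconstruct Message
  const siweMessage = new SiweMessage(message);

  // 2. Validate Signature (Cryptography); validate() rejects on a bad signature
  const fields = await siweMessage.validate(signature);
  // The nonce must be the one this server issued for this session
  const expectedNonce = session.get('nonce');
  if (!expectedNonce || fields.nonce !== expectedNonce) throw new Error('Replay Attack');

  // 3. Check Ownership (The "Gate")
  const balance = await alchemy.nft.getNftsForOwner(fields.address, {
    contractAddresses: ["0xMyContract..."]
  });

  if (balance.totalCount === 0) {
    // Deny with an explicit 403 rather than a 200 carrying an error body
    return json({ error: "Access Denied: Buy a Token first." }, { status: 403 });
  }

  // 4. Create Session
  return createUserSession(fields.address, "tier:VIP");
}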
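
The action above compares only the nonce. As an added example (not Maison Code's code), here are the other EIP-4361 fields a gate should check alongside the signature: the domain the message was signed for, the chain, single use of the nonce, and expiry. The function names, the `issuedNonces` store and the sample message are assumptions made for illustration.

```javascript
// Added example: field checks on an EIP-4361 message. Signature recovery is
// left to a library such as `siwe` and is not reimplemented here.

// Parse the plaintext message into the fields the server has to check.
function parseSiwe(text) {
  const lines = text.split('\n');
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0] || '');
  if (!head || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || '')) throw new Error('malformed message');
  const fields = { domain: head[1], address: lines[1] };
  for (const line of lines.slice(2)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.+)$/.exec(line);
    if (m) fields[m[1]] = m[2]; // later lines win over a look-alike statement line
  }
  return fields;
}

// issuedNonces: hypothetical server-side Set of nonces issued and not yet used.
function checkSiweFields(text, { domain, chainId, issuedNonces, now }) {
  const f = parseSiwe(text);
  if (f.domain !== domain) return 'wrong domain';          // signed for another site
  if (f['Chain ID'] !== String(chainId)) return 'wrong chain';
  if (!issuedNonces.delete(f.Nonce)) return 'unknown or reused nonce'; // single use
  const exp = f['Expiration Time'];
  if (exp && !(Date.parse(exp) > now)) return 'expired';   // unparseable counts as expired
  return 'ok';
}

// Constructed sample message (domain, address and nonce are made up).
const SAMPLE = [
  'shop.example wants you to sign in with your Ethereum account:',
  '0x1111111111111111111111111111111111111111',
  '',
  'Prove ownership of the VIP token.',
  '',
  'URI: https://shop.example/login',
  'Version: 1',
  'Chain ID: 1',
  'Nonce: k3Xq9Lm2Pz7aB4cD',
  'Issued At: 2025-01-01T10:00:00Z',
  'Expiration Time: 2025-01-01T10:05:00Z',
].join('\n');
```

A message signed for a different storefront, replayed after first use, or presented after its expiry is rejected even though its signature is still valid.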

2. Dynamic Pricing via Shopify Functions

Hiding a product is easy. Changing its price is better. We use Shopify Functions to read the Gate Context and apply discounts at the Edge.

Logic:

  • Holder of 1 Genesis Token: 10% Off.
  • Holder of 3 Genesis Tokens: 25% Off.
  • Holder of Partner Token (e.g., Bored Ape): Free Shipping.

This logic is hardcoded in Rust and runs on Shopify’s infrastructure, guaranteeing that savvy users cannot hack the frontend JS to get the discount.

3. Soulbound Tokens (SBT): The Non-Transferable Badge

The problem with NFTs is that they can be sold. If you give “Super VIP” status to your best spender, they might sell it to a random person on OpenSea. Enter Soulbound Tokens (SBT) (EIP-5192). These are NFTs that cannot be transferred. They are permanently bound to the wallet.

Use Case: Certification. A user completes a “Masterclass” course on your site. You mint an SBT “Certified Stylist”. Now, whenever they log in, they get access to the “Pro Store”. They cannot sell this certification.

4. The “Invisible” Wallet approach

“Connect Wallet” is scary for normal people. We implement Smart Wallets (e.g., ThirdWeb, Coinbase Smart Wallet).

  1. User logs in with Email/Google.
  2. Behind the scenes, we generate a wallet for them.
  3. We store the private key in a secure enclave (MPC - Multi-Party Computation).
  4. When we “AirDrop” a loyalty token, we send it to this invisible wallet.

The user says: “Cool, I got a digital badge.” The engineer knows: “They just received an ERC-721 token on Polygon.”

5. Wallet-as-a-Service (WaaS)

For mass adoption, key management is the killer. If a user loses their Private Key, they lose their loyalty points. We use MPC (Multi-Party Computation) wallets (Coinbase / Magic / Privy).

  • The Key is split: One shard on the User’s Device. One shard on the Server. One shard in Backup.
  • Recovery: If user loses device, they can recover via Email (Server Shard + Backup Shard).
  • Security: The Server never sees the full key. It cannot steal funds.

This gives “Web2 Usability” with “Web3 Ownership”.

6. Regulatory Frameworks (MiCA & GDPR)

Is this legal? In Europe, MiCA (Markets in Crypto-Assets) regulates tokens. Utility Tokens (Loyalty) are generally safe. Security Tokens (Investment) are heavily regulated.

GDPR: The Blockchain is immutable. You cannot “Delete” data. Strategy: Never put PII (Name, Email) on-chain. Only put user preferences and balances. Store the PII in a traditional DB, linked to the Wallet Address. If user requests deletion, delete the DB row. The Wallet Address becomes anonymous data.

7. Gas Fees and L2 Networks

Ethereum Mainnet is too expensive for loyalty. Sending a badge costs $5. We build on L2 Networks (Base, Optimism, Polygon). Transactions cost $0.01. We use Gasless Relayers (Biconomy). The Brand pays the gas. The user pays nothing. To the user, it feels like updating a database row.

8. Physical Backed Tokens (PBT) - IKT

The holy grail is linking the Physical to the Digital. Nike does this with RTFKT. You buy a physical sneaker. It has an NFC chip in the tongue. You tap your phone. It mints the “Digital Twin” NFT to your wallet.

This utilizes the EIP-5791 chip standard. It proves Authenticity. If you buy a second-hand Rolex, you tap it. If it doesn’t mint, it’s fake.

9. The Skeptic’s View

“Nobody cares about crypto anymore.” True. Nobody cares about crypto speculation. But everyone cares about Status. Discord has 150 Million users. Reddit has Avatars. Instagram has Collectibles. We are moving from “Web3” (The Movement) to “On-Chain Internet” (The Infrastructure). Using a database for loyalty is like using a filing cabinet. Using a Blockchain is like using the Internet.

10. The Interoperability Dream (Universal Profiles)

The ultimate goal is the Universal Profile. Today, you have a “Sephora Profile”, a “Nike Profile”, a “Marriott Profile”. They are siloed. In Web3, you have One Profile (ENS): alex.eth. When you log into a new store, you bring your history with you. “I This reduces the “Cold Start Problem” for brands. They know you instantly.

11. Conclusion

Blockchain Loyalty is not about selling JPEGs. It is about creating a Universal API for Customer Status. It allows your brand to interoperate with the entire digital economy. At Maison Code, we build these systems so seamlessly that your CEO won’t even know it’s running on a blockchain.

