Matthew Green talks about this in his blog on the subject: https://blog.cryptographyengineering.com/2026/03/02/anonymou...

The two methods that seem feasible are making it hard to copy (putting it in the secure element in your phone, for example, which I don't love) or doing tokens that can only be used a limited number of times per day, like in : https://eprint.iacr.org/2006/454