What are sneaker bots?
A sneaker bot, also known as a “shoe bot”, is software that’s designed to help purchase sneakers by performing automated tasks like entering raffles, completing checkouts, and checking for inventory.
Sneaker bots imitate the behavior of human users, only faster and in larger volumes. Bots can unfairly find and purchase sneakers in ways human customers can’t.
Sneaker bots come in many shapes and sizes and can perform many different tasks. Raffle bots, for instance, generate thousands of fake accounts and email addresses to increase users’ chances of winning a sneaker raffle.
Other common examples of sneaker bots include:
- Scraping bots: Bots that constantly scan websites for restocks and new releases.
- Scalper bots: Bots that automatically complete a checkout when stock becomes available.
- Denial of inventory bots: Bots that hold items in their cart and only purchase it once they’ve resold the item for profit on a secondary marketplace.
- Footprinting bots: Bots that search for hidden web pages to purchase items before the public finds them.
- Account creation bots: Bots that use proxies and fake email addresses to create accounts en masse.
- All in one (AIO) bots: Bots designed to do everything a user would need to get a competitive advantage for exclusive drops (all of the above).
RELATED: Bots Explained: How do Sneaker Bots Work?
In the sneaker world, each of these bots are then broken down into categories for different retailers.
There’s Nike bots, adidas bots, even Queue-it bots. These are each designed specifically to attempt to circumvent different drop mechanisms different and bot mitigation tools.
Do you have a bot problem? Get your free guide to uncover the risks of bots & discover how you can beat them
Get my guide
Are sneaker bots illegal?
Using a bot to purchase sneakers or other retail goods is not currently illegal. Sneaker botting may violate the retailer's terms and conditions, allowing them to cancel the order and charge a restocking fee, but it's not illegal.
Purchasing and reselling tickets using bots, on the other hand, became illegal in 2016 after the U.S. BOTS Act passed. But no such act has been passed for sneakers.
The Stopping Grinch Bots Act was introduced to congress in late 2021, but hasn’t progressed since then. This act would make it unlawful:
“to circumvent a security measure, access control system, or other technological control or measure on an Internet website or online service to enforce posted purchasing limits or to manage inventory” (aka to use a sneaker bot)
But even if the Grinch Bots Act became law, it’s unlikely much would change. The BOTS act targeting ticket bots proved that.
The first and only legal action under the BOTS Act came a full five years after its introduction, in 2021.
And years later, ticket botting remains alive and well.
RELATED:Everything You Need to Know About Ticket Bots
Essentially, this puts responsibility to stop bots—be it in ticketing or sneakers—on the businesses selling the in-demand products.
That’s why major retailers are investing in sneaker bot mitigation. It’s why Nike have changed their terms of service to include clauses that enable them to charge restocking fees, decline refunds, and suspend the accounts of people it determines are buying sneakers with the intent to resell them.
But why are retailers like Nike, Amazon, Sony and Foot Locker going all in on bot mitigation today, rather than years ago?
To understand that, we need to understand a bit about the history of sneaker bots.
How has sneaker botting evolved?
Sneaker bots kicked off seriously in 2012 with therelease of the Air Jordan Doernbecher 9.
Nike released the shoe via Twitter. Shoppers could reserve the shoe by being first to direct message (DM) the company.
Quickly, people created bots to scour Twitter’s API and DM Nike after any tweets with terms like “reserve now” or “Doernbecher”. With these bots “you could send hundreds of DMs in a tenth of a second,”saysone botmaker.
Humans didn’t stand a chance.
In the years that followed, sneaker botting exploded.
Sneaker verification and resale marketplaces like StockX, GOAT, and Stadium Goods all entered the market in 2015, making reselling safer, easier, and more profitable.
Kanye West’s Yeezy adidas collaboration launched and saw massive resale prices, starting a sneaker drop collaboration trend.
Brands from New Balance to Asics to Converse all embraced the product drop model—diversifying and expanding the resale market.
RELATED: Sneakers—and by extension the bots that could get them—became assets. If you visit StockX—what the New York Times called “A Nasdaq for Sneakerheads”—you’d be forgiven for thinking you were looking at shares of Nike stock, not a resale site for sneakers.
In this market, the best bot developers shifted from botting sneakers to creating and selling bots. They scaled up their operations without needing to deal with customers on marketplaces and huge volumes of inventory.
Ironically, a whole resale market emerged for these sneaker bots, which are sometimes resold for up to 10x their original price.
Today, the sneaker bot and reselling ecosystem involves:
- Bots for sale: You can buy any number of bots directly from developers or on the secondary market.
- Cook groups: Paid membership groups (usually on Discord) with insider information and sneaker stock alerts.
- Bot-as-a-Service: Bot subscription services with employees, 24/7 support, and regular software updates
- Add to cart services: Businesses you can pay to execute sneaker purchases for you.
- Secondary markets: Marketplaces with verification services, price trackers, auctions, and much more.
One analysis of a sneaker bot business estimated it makes just under $200k per year from its software sales and subscription services alone.
And Queue-it co-founder Niels Henrik Sodemanntold Forbes,"We believe that there [are] at least a hundred organizations ... where people can sign up to get the access to the sneakers."
You can hear about the scale of today’s bot problem in Sodemann’s TechFirst interview with journalist John Koetsier.
RELATED:
What are the business impacts of sneaker bots?
Using bots to buy and resell sneakers is a perfect example ofrent-seeking behavior. That’s economist talk for profit-seeking without social value—in a word, leeching.
But bots for shoes are more than just a nuisance. When you sell a $140 pair of Travis Scott Air Jordans that middlemen then resell for 10-20 times retail price, your business loses out in several ways.
1. Missed connection with true customers
When a true customer buys your sneakers from a resale site instead of your business, you miss out on so much.
First, you miss a chance to create a connection with a valuable customer. Sneaker drops are a great opportunity to reward loyal customers and bring new customers into the fold. Shopping bots sever the relationship between your potential customers and your brand.
Second, this ruptured relationship loses you sales in the future. The lifetime value of the reseller is not as valuable as a satisfied customer who regularly returns to buy additional products.
Sneaker bots are in it to flip a couple select items.
They couldn’t care less about your other apparel and accessories.
They won’t evangelize your brand.
And they certainly won’t engage with customer nurture flows that reduce costs needed to acquire new customers.
RELATED:Ecommerce Loyalty Programs: How to Keep Customers Coming Back for MoreLast, you lose purchase activity that forms invaluable business intelligence. Resellers get data on who the actual buyers are, not you. This leaves no chance for upselling and tailored marketing reach outs.
2. Flawed data for decision-making.
Bots can skew your data on several fronts, clouding up the reporting you need to make informed business decisions.
Skewed web analytics caused by bots result in an estimated 5% loss in revenue for retailers.
The fake accounts that bots generate en masse can give a false impression of your true customer base. Since some services like customer management or email marketing systems charge based on account volumes, this could also create additional costs.
Denial of inventory bots can wreak havoc on your cart abandonment metrics, as they dump product not bought on the secondary market.
Marketing spend and digital operations are just two of the many areas harmed by shopping bots.
Discover 10 techniques & tools to beat bad bots with your free retail bots guide
Get my guide
3. Damaged brand reputation
Simply put, genuine customers view sneaker bots snapping up most or all available product as incredibly unfair.35% of online businessesreport bot attacks result in:
- Brand or reputational damage
- Reduction in online conversions
- More frequent data leaks
What’s more, a massive 97% of businesses report their customer satisfaction has been impacted by bot attacks.
Pair these with the negative press and thousands of angry Tweets bot attacks attract, and you quickly start to erode your brand's reputation.RELATED: Customer Loyalty in Ecommerce: The Surprising Benefits of Fairness
4. Bots increase operational & support costs
Researchestimates 75% to 80% of ecommerce operational costs are negatively impacted by malicious bots. These include:
- Website infrastructure costs
- Advertising and marketing expenditure
- Customer support costs
- Checkout fraud costs
In another survey,33% of online businessessaid bot attacks resulted in increased infrastructure costs. While 32% said bots increase operational and logistical bottlenecks.
Plus, if a bot attack slows or crashes your site, the burden on your teams and revenue will be even worse.
RELATED: How SNIPES Manages Massive Traffic for Hyped Sneaker Drops
5. Website crashes & slowdowns
Increased web traffic doesn’t just mean higher infrastructure costs, it can also mean slowed and crashed websites,making it impossible for you to sell your products.
45% of online businessessaid bot attacks resulted in more website and IT crashes in 2022.
To give you an idea as to why: aSupreme launchsaw 986 million pageviews and 1.9 billion purchase attempts to their server in ONE DAY alone.
Sneaker bots essentially run unintentional (and sometimes intentional) distributed denial-of-service (DDoS) attacks on your site. A DDoS attack is when a server is overloaded with traffic causing disruption. DDoS attacks are what suspiciously crashed 70 Ukrainian government websites in early 2021.
The costs of website crashes like this are staggering: 91% of enterprises report downtime costs exceeding $300,000 per hour.
Bot activity was behind website issues that led Strangelove Skateboards and Nike tocancel their Valentine’s Day collaboration.
On the day of the launch, the company said via Instagram that“raging botbarians at the gate broke in the back door and created a monumental mess for us this evening … Circ*mstances spun way, way out of control in the span of just two short minutes.”
Bots crashed the site, forcing the sneaker drop offline.
RELATED: How High Online Traffic Can Crash Your Site
Do sneaker raffles stop sneaker bots?
Sneaker raffles are among the most common drop mechanisms for sneaker retailers today. They prevent the massive traffic peaks caused by first-come, first-served (FCFS) sneaker drops, and give retailers extra opportunities to identify and remove illegitimate users and entries.
RELATED: But in recent years, many brands havemoved away from traditional raffles.
They either reserve raffles for only their most hyped drops, or do away with them altogether.
Why?
Becausewhile traditional sneaker raffles solve some issues, they also create new ones.Retailers that run traditional sneaker raffles typically deal with:
- Raffle bots making raffles unfair
- A lack of transparency for customers
- Difficulty capitalizing on hype
- Persistent issues with high demand
- Needing to share customer data with third-party raffle services
In one Reddit poll, almost 45% of sneakerheads said they stopped bothering to join raffles altogether, because they simply thought they had no chance of winning.
If sneaker raffles aren’t the answer to the sneaker world’s bot problem, what is? How can retailers stop sneaker bots?
RELATED: Why Major Sneaker Brands are Running “Live Raffles” For High Heat Sneaker Drops
How can retailers beat sneaker bots?
Sneaker retailers are getting hit with more bot traffic for every drop. Real customers are fed up and angry. The lucrative reselling business is attracting smarter people and adopting more sophisticated business models. And lawmakers won’t even pass—let alone enforce—legislation to do anything about the sneaker world’s bot problem.
So what can be done?
Before we jump into how to stop sneaker bots and resellers, you should know: it won’t be easy.
There’s plenty of money to be made in sneaker resale. So botmakers and operators will keep plowing money into the arms race against retailers.
You need to change the economics of bot attacks. That means targeting each attack vector and increasing bot operators’ costs to beat your protections.
Here’s five steps you need to take if you’re serious about stopping sneaker bots.
1. Monitor & identify bot traffic
Monitoring is key to preventing bots because user behavior will let you tell real sneakerheads from bad bots.
For example, if there’s a high concentration of visitors using the same IP address, it’s a red flag that bots are at play.
At Queue-it, we’ve found over 50% of the bots blocked by our virtual waiting room’sabuse and bot protectionemanate from the same IP address.
The bots are trying to simulate real users on a massive scale. But getting unique IP addresses is an additional step that not all bot operators take.
2. Use sneaker bot protection to prevent account fraud
When bot operators try to buy many pairs of sneakers, they need several accounts for the purchases.
On account creation,bot mitigation toolslikeAkamai, Imperva,and PerimeterX validate biometric data like mouse movements, mobile swipe, and accelerometer data to distinguish bots from real users, and then feed that data into machine learning algorithms.
You can also block or enforce Google’s reCAPTCHA or Queue-it CAPTCHA on traffic from known bot hosting providers and outdated browsers typically used to run bots.
3. Run post-sale audits
Post-sale audits are a crucial step in many sneaker retailers’ bot prevention toolkits. This involves a team pouring over the details of purchasers or raffle entrants to identify suspicious customers.
Look for multiple orders containing the same:
- Credit card or purchase details
- Address or addresses (one trick botters use is to add different apartment numbers to the end of their home address to circumvent these checks).
- Phone number or email address
- Name or names
- IP address
It’s important that retailers running post-sale audits have clauses in their terms of service that allow them to cancel orders they deem to be suspicious. Like Nike, you can even add a restocking fee to increase the cost of botting for those you catch out.
This can be a resource-intensive process, but it's highly effective for catching bad actors out.
4. Protect against sneaker bots with web traffic management
A security checkpoint in an airport screens passengers before they can board their flight.
Similarly, avirtual waiting roomacts as a checkpoint inserted between a web page on your website and the purchase path.
A virtual waiting room is uniquely positioned to filter out bots by allowing you to run visitor identification checks before visitors can proceed with their purchase.
Ticketmaster, for instance,reportsblocking over 13 billion bots with the help of Queue-it's virtual waiting room.
The virtual waiting room has the added benefit ofproviding a fair shopping experience during hyped product releases, by randomizing anyone who comes early and placing latecomers in the waiting room in a first-come, first-served order.
Related:
By managing your traffic, you'll get full visibility with server-side analyticsthat helps you detect and act on suspicious traffic. For example, the virtual waiting room can flag aggressive IP addresses trying to take multiple spots in line, or traffic coming from data centers known to be bot havens. These insights can help you close the door on bad bots before they ever reach your website.
5. Run exclusive access drops
With bots finding workarounds for so many different mitigation strategies, many retailers have turned to just offering high heat drops to their best genuine customers.
Nike CEO John Donahoeexplains: “This approach sends personalized purchase offers to members based on their engagement with SNKRS, past purchase attempts, and other criteria, using data science to drive digital member targeting. For example, 90 percent of the invites for the Off-White Dunk went to members who had lost out on a prior Off-White collaboration over the past two years.”
Adidas also offers exclusive access via their “the invite” drop mechanism, which sends exclusive drop and restock purchase offers to their best customers.
The advantage of the invite-only strategy is that you choose who gets access to your drops. Bots can’t abuse your sales because they’re not invited to them.
You can run secure exclusive sneaker drops using an invite-only waiting room. The invite-only waiting room gates access to a product page with email verification or via unique, single-use links. You simply upload the list of customers you want to grant access to, activate the waiting room, then announce your drop, confident the only people who can get in are those you've invited.
The invite-only waiting room also lets you use your hyped drop as an opportunity to reward loyal customers and incentivize sign-ups to your loyalty program. It empowers you to turn demand into data.
RELATED:
