Everything you need to know about preventing sneaker bots

Last year, a top 10 sneaker brand dropped an exclusive pair of shoes. Traffic to the site soared. The sneakers sold out.

On the surface, everything went as planned. But behind the scenes, something was wrong.

Queue-it ran a post-sale audit on this sneaker drop, finding 97% of the activity was inorganic—clicks, visits, and requests from bots designed to snatch up stock for resale at huge markups.

Of the 1.7 million visitors who tried to access the drop, less than 100,000 were playing by the rules.

Massive bot numbers like this are becoming increasingly common for sneaker drops. It should be no surprise why—the global sneaker resale market is now worth an estimated $10 billion. Many sneakers resell for 2, 3, even 10 times their retail value.

Sneaker botting and reselling is big business. There are sneaker reseller millionaires. Whole companies with dozens of employees who buy and resell sneakers. Resale marketplaces with multi-billion-dollar valuations.

If these are the winners of the botting and reselling business, who are the losers?

Sneaker retailers and their genuine customers.

In this article, you’ll discover what sneaker bots are, whether bots are legal, how the resale industry has evolved, and the strategies you should (and shouldn’t) use to beat bad sneaker bots.

Table of contents

• What are sneaker bots?
• Are sneaker bots illegal?
• How has sneaker botting evolved?
• What are the business impacts of sneaker bots?
• Do sneaker raffles stop bots?
• How can retailers beat sneaker bots?
  
  

A sneaker bot, also known as a “shoe bot”, is software that’s designed to help purchase sneakers by performing automated tasks like entering raffles, completing checkouts, and checking for inventory.

Sneaker bots imitate the behavior of human users, only faster and in larger volumes. Bots can unfairly find and purchase sneakers in ways human customers can’t.

Sneaker bots come in many shapes and sizes and can perform many different tasks. Raffle bots, for instance, generate thousands of fake accounts and email addresses to increase users’ chances of winning a sneaker raffle.

Other common examples of sneaker bots include:

• Scraping bots: Bots that constantly scan websites for restocks and new releases.
  
  
• Scalper bots: Bots that automatically complete a checkout when stock becomes available.
  
  
• Denial of inventory bots: Bots that hold items in their cart and only purchase it once they’ve resold the item for profit on a secondary marketplace.
  
  
• Footprinting bots: Bots that search for hidden web pages to purchase items before the public finds them.
  
  
• Account creation bots: Bots that use proxies and fake email addresses to create accounts en masse.
  
  
• All in one (AIO) bots: Bots designed to do everything a user would need to get a competitive advantage for exclusive drops (all of the above).

RELATED: Bots Explained: How do Sneaker Bots Work?

In the sneaker world, each of these bots are then broken down into categories for different retailers.

There’s Nike bots, adidas bots, even Queue-it bots. These are each designed specifically to attempt to circumvent different drop mechanisms different and bot mitigation tools.

Do you have a bot problem? Get your free guide to uncover the risks of bots & discover how you can beat them

Get my guide

Using a bot to purchase sneakers or other retail goods is not currently illegal. Sneaker botting may violate the retailer's terms and conditions, allowing them to cancel the order and charge a restocking fee, but it's not illegal.

Purchasing and reselling tickets using bots, on the other hand, became illegal in 2016 after the U.S. BOTS Act passed. But no such act has been passed for sneakers.

The Stopping Grinch Bots Act was introduced to congress in late 2021, but hasn’t progressed since then. This act would make it unlawful:

“to circumvent a security measure, access control system, or other technological control or measure on an Internet website or online service to enforce posted purchasing limits or to manage inventory” (aka to use a sneaker bot)

But even if the Grinch Bots Act became law, it’s unlikely much would change. The BOTS act targeting ticket bots proved that.

The first and only legal action under the BOTS Act came a full five years after its introduction, in 2021.

And years later, ticket botting remains alive and well.

RELATED: Everything You Need to Know About Ticket Bots

Essentially, this puts responsibility to stop bots—be it in ticketing or sneakers—on the businesses selling the in-demand products.

That’s why major retailers are investing in sneaker bot mitigation. It’s why Nike have changed their terms of service to include clauses that enable them to charge restocking fees, decline refunds, and suspend the accounts of people it determines are buying sneakers with the intent to resell them.

But why are retailers like Nike, Amazon, Sony and Foot Locker going all in on bot mitigation today, rather than years ago?

To understand that, we need to understand a bit about the history of sneaker bots.

Sneaker bots kicked off seriously in 2012 with the release of the Air Jordan Doernbecher 9.

Nike released the shoe via Twitter. Shoppers could reserve the shoe by being first to direct message (DM) the company.

Quickly, people created bots to scour Twitter’s API and DM Nike after any tweets with terms like “reserve now” or “Doernbecher”. With these bots “you could send hundreds of DMs in a tenth of a second,” says one botmaker.

Humans didn’t stand a chance.

In the years that followed, sneaker botting exploded.

Sneaker verification and resale marketplaces like StockX, GOAT, and Stadium Goods all entered the market in 2015, making reselling safer, easier, and more profitable.

Kanye West’s Yeezy adidas collaboration launched and saw massive resale prices, starting a sneaker drop collaboration trend.

Brands from New Balance to Asics to Converse all embraced the product drop model—diversifying and expanding the resale market.

RELATED: Drop Culture: The Wild History & Exciting Future of Product Drops

Sneakers—and by extension the bots that could get them—became assets. If you visit StockX—what the New York Times called “A Nasdaq for Sneakerheads”—you’d be forgiven for thinking you were looking at shares of Nike stock, not a resale site for sneakers.

In this market, the best bot developers shifted from botting sneakers to creating and selling bots. They scaled up their operations without needing to deal with customers on marketplaces and huge volumes of inventory.

Ironically, a whole resale market emerged for these sneaker bots, which are sometimes resold for up to 10x their original price.

Today, the sneaker bot and reselling ecosystem involves:

• Bots for sale: You can buy any number of bots directly from developers or on the secondary market.
  
  
• Cook groups: Paid membership groups (usually on Discord) with insider information and sneaker stock alerts.
  
  
• Bot-as-a-Service: Bot subscription services with employees, 24/7 support, and regular software updates
  
  
• Add to cart services: Businesses you can pay to execute sneaker purchases for you.
  
  
• Secondary markets: Marketplaces with verification services, price trackers, auctions, and much more.

One analysis of a sneaker bot business estimated it makes just under $200k per year from its software sales and subscription services alone.

And Queue-it co-founder Niels Henrik Sodemann told Forbes, "We believe that there [are] at least a hundred organizations ... where people can sign up to get the access to the sneakers."

You can hear about the scale of today’s bot problem in Sodemann’s TechFirst interview with journalist John Koetsier.

RELATED: Protect Against Bad Bots & Prevent Abuse With Queue-it's Virtual Waiting Room

Using bots to buy and resell sneakers is a perfect example of rent-seeking behavior. That’s economist talk for profit-seeking without social value—in a word, leeching.

But bots for shoes are more than just a nuisance. When you sell a $140 pair of Travis Scott Air Jordans that middlemen then resell for 10-20 times retail price, your business loses out in several ways.

When a true customer buys your sneakers from a resale site instead of your business, you miss out on so much.

First, you miss a chance to create a connection with a valuable customer. Sneaker drops are a great opportunity to reward loyal customers and bring new customers into the fold. Shopping bots sever the relationship between your potential customers and your brand.

Second, this ruptured relationship loses you sales in the future. The lifetime value of the reseller is not as valuable as a satisfied customer who regularly returns to buy additional products.

Sneaker bots are in it to flip a couple select items.

They couldn’t care less about your other apparel and accessories.

They won’t evangelize your brand.

And they certainly won’t engage with customer nurture flows that reduce costs needed to acquire new customers.

RELATED: Ecommerce Loyalty Programs: How to Keep Customers Coming Back for More

Last, you lose purchase activity that forms invaluable business intelligence. Resellers get data on who the actual buyers are, not you. This leaves no chance for upselling and tailored marketing reach outs.

Bots can skew your data on several fronts, clouding up the reporting you need to make informed business decisions.

Skewed web analytics caused by bots result in an estimated 5% loss in revenue for retailers.

The fake accounts that bots generate en masse can give a false impression of your true customer base. Since some services like customer management or email marketing systems charge based on account volumes, this could also create additional costs.

Denial of inventory bots can wreak havoc on your cart abandonment metrics, as they dump product not bought on the secondary market.

Marketing spend and digital operations are just two of the many areas harmed by shopping bots.

Discover 10 techniques & tools to beat bad bots with your free retail bots guide

Get my guide

Simply put, genuine customers view sneaker bots snapping up most or all available product as incredibly unfair. 35% of online businesses report bot attacks result in:

• Brand or reputational damage
• Reduction in online conversions
• More frequent data leaks

What’s more, a massive 97% of businesses report their customer satisfaction has been impacted by bot attacks.

Pair these with the negative press and thousands of angry Tweets bot attacks attract, and you quickly start to erode your brand's reputation.

RELATED: Customer Loyalty in Ecommerce: The Surprising Benefits of Fairness

Research estimates 75% to 80% of ecommerce operational costs are negatively impacted by malicious bots. These include:

• Website infrastructure costs
• Advertising and marketing expenditure
• Customer support costs
• Checkout fraud costs

In another survey, 33% of online businesses said bot attacks resulted in increased infrastructure costs. While 32% said bots increase operational and logistical bottlenecks.

Plus, if a bot attack slows or crashes your site, the burden on your teams and revenue will be even worse.

RELATED: How SNIPES Manages Massive Traffic for Hyped Sneaker Drops

Increased web traffic doesn’t just mean higher infrastructure costs, it can also mean slowed and crashed websites, making it impossible for you to sell your products.

45% of online businesses said bot attacks resulted in more website and IT crashes in 2022.

To give you an idea as to why: a Supreme launch saw 986 million pageviews and 1.9 billion purchase attempts to their server in ONE DAY alone.

Sneaker bots essentially run unintentional (and sometimes intentional) distributed denial-of-service (DDoS) attacks on your site. A DDoS attack is when a server is overloaded with traffic causing disruption. DDoS attacks are what suspiciously crashed 70 Ukrainian government websites in early 2021. 

The costs of website crashes like this are staggering: 91% of enterprises report downtime costs exceeding $300,000 per hour.

Bot activity was behind website issues that led Strangelove Skateboards and Nike to cancel their Valentine’s Day collaboration.

On the day of the launch, the company said via Instagram that “raging botbarians at the gate broke in the back door and created a monumental mess for us this evening … Circumstances spun way, way out of control in the span of just two short minutes.”

Bots crashed the site, forcing the sneaker drop offline.

RELATED: How High Online Traffic Can Crash Your Site

Sneaker raffles are among the most common drop mechanisms for sneaker retailers today. They prevent the massive traffic peaks caused by first-come, first-served (FCFS) sneaker drops, and give retailers extra opportunities to identify and remove illegitimate users and entries.

RELATED: What Are Sneaker Raffles, How Do They Work & Why Do Retailers Use Them?

But in recent years, many brands have moved away from traditional raffles.

They either reserve raffles for only their most hyped drops, or do away with them altogether.

Why?

Because while traditional sneaker raffles solve some issues, they also create new ones. Retailers that run traditional sneaker raffles typically deal with: 

• Raffle bots making raffles unfair
• A lack of transparency for customers
• Difficulty capitalizing on hype
• Persistent issues with high demand
• Needing to share customer data with third-party raffle services

In one Reddit poll, almost 45% of sneakerheads said they stopped bothering to join raffles altogether, because they simply thought they had no chance of winning.

If sneaker raffles aren’t the answer to the sneaker world’s bot problem, what is? How can retailers stop sneaker bots?

RELATED: Why Major Sneaker Brands are Running “Live Raffles” For High Heat Sneaker Drops

Sneaker retailers are getting hit with more bot traffic for every drop. Real customers are fed up and angry. The lucrative reselling business is attracting smarter people and adopting more sophisticated business models. And lawmakers won’t even pass—let alone enforce—legislation to do anything about the sneaker world’s bot problem.

So what can be done?

Before we jump into how to stop sneaker bots and resellers, you should know: it won’t be easy.

There’s plenty of money to be made in sneaker resale. So botmakers and operators will keep plowing money into the arms race against retailers.

You need to change the economics of bot attacks. That means targeting each attack vector and increasing bot operators’ costs to beat your protections.

Here’s five steps you need to take if you’re serious about stopping sneaker bots.

Monitoring is key to preventing bots because user behavior will let you tell real sneakerheads from bad bots.

For example, if there’s a high concentration of visitors using the same IP address, it’s a red flag that bots are at play.

At Queue-it, we’ve found over 50% of the bots blocked by our virtual waiting room’s abuse and bot protection emanate from the same IP address.

The bots are trying to simulate real users on a massive scale. But getting unique IP addresses is an additional step that not all bot operators take.

When bot operators try to buy many pairs of sneakers, they need several accounts for the purchases.

On account creation, bot mitigation tools like Akamai, Imperva, and PerimeterX validate biometric data like mouse movements, mobile swipe, and accelerometer data to distinguish bots from real users, and then feed that data into machine learning algorithms.

You can also block or enforce Google’s reCAPTCHA or Queue-it CAPTCHA on traffic from known bot hosting providers and outdated browsers typically used to run bots.

Post-sale audits are a crucial step in many sneaker retailers’ bot prevention toolkits. This involves a team pouring over the details of purchasers or raffle entrants to identify suspicious customers.

Look for multiple orders containing the same:

• Credit card or purchase details
• Address or addresses (one trick botters use is to add different apartment numbers to the end of their home address to circumvent these checks).
• Phone number or email address
• Name or names
• IP address

It’s important that retailers running post-sale audits have clauses in their terms of service that allow them to cancel orders they deem to be suspicious. Like Nike, you can even add a restocking fee to increase the cost of botting for those you catch out.

This can be a resource-intensive process, but it's highly effective for catching bad actors out.

A security checkpoint in an airport screens passengers before they can board their flight.

Similarly, a virtual waiting room acts as a checkpoint inserted between a web page on your website and the purchase path.

A virtual waiting room is uniquely positioned to filter out bots by allowing you to run visitor identification checks before visitors can proceed with their purchase.

Ticketmaster, for instance, reports blocking over 13 billion bots with the help of Queue-it's virtual waiting room. 

The virtual waiting room has the added benefit of providing a fair shopping experience during hyped product releases, by randomizing anyone who comes early and placing latecomers in the waiting room in a first-come, first-served order.

Related: Protect Against Bad Bots & Prevent Abuse With a Virtual Waiting Room

By managing your traffic, you'll get full visibility with server-side analytics that helps you detect and act on suspicious traffic. For example, the virtual waiting room can flag aggressive IP addresses trying to take multiple spots in line, or traffic coming from data centers known to be bot havens. These insights can help you close the door on bad bots before they ever reach your website.

With bots finding workarounds for so many different mitigation strategies, many retailers have turned to just offering high heat drops to their best genuine customers.

Nike CEO John Donahoe explains: “This approach sends personalized purchase offers to members based on their engagement with SNKRS, past purchase attempts, and other criteria, using data science to drive digital member targeting. For example, 90 percent of the invites for the Off-White Dunk went to members who had lost out on a prior Off-White collaboration over the past two years.”

Adidas also offers exclusive access via their “the invite” drop mechanism, which sends exclusive drop and restock purchase offers to their best customers.

The advantage of the invite-only strategy is that you choose who gets access to your drops. Bots can’t abuse your sales because they’re not invited to them.

You can run secure exclusive sneaker drops using an invite-only waiting room. The invite-only waiting room gates access to a product page with email verification or via unique, single-use links. You simply upload the list of customers you want to grant access to, activate the waiting room, then announce your drop, confident the only people who can get in are those you've invited.

The invite-only waiting room also lets you use your hyped drop as an opportunity to reward loyal customers and incentivize sign-ups to your loyalty program. It empowers you to turn demand into data.

RELATED: Roll Out the Red Carpet for VIP Customers with Exclusive Invite-only Sales & Drops

“Running the sale with Queue-it in place made sure we achieved our goal of delivering an enhanced experience for our loyal members. We gave them the priority access we had promised them as a cornerstone membership benefit.”

TRISTAN WATSON, ENGINEERING MANAGER

READ THE FULL STORY

Many sneakerheads relate to the below Twitter user when he wrote:

Sneakerheads feel like they need a bot to get any shot at copping sneakers on the primary market.

And they’re not wrong.

Bots provide the fuel for the secondary market and their sky-high prices. All this has understandably strained retailers’ and brands' relationships with their real customers.

At Queue-it, we believe it’s possible to keep sneaker releases in the 21st century while ensuring shoes get in the hands of true sneakerheads.

Online sneaker sales have many advantages compared with in-store or raffle sales—but only if bots are under control.

Unfortunately, legislation isn’t likely to help any time soon.

So to keep the bots truly at bay, you need a best-in-breed, combined bot mitigation solution. Crafting a tailored strategy to mitigate unique attack vectors before, during, and after the sneaker drops gives you the best chance of achieving successful, bot-free sneaker sales.

As major brands from Nike to Amazon to Sony to Foot Locker are recognizing, the fight against bots is a fight for both your customers and your bottom line.

(This blog has been updated since it was written in 2020)