The Rise Of Sneaker Bots: How We Stop Them – And How You Can Too


How much would you pay for a pair of shoes? 

For some, the answer is more than US$10,000.

As sneakers grew more popular throughout the 1980s and 1990s, so too did sneaker collecting.

Big brands like Nike and Adidas started selling limited edition shoes, often marketing them alongside celebrities (usually music artists and sports stars). 

Until a few years ago, it wasn’t uncommon to see “sneakerheads” queuing overnight outside retailers to try and get hold of these limited edition drops. 

Naturally, not everyone can get hold of a pair directly from the retailer, and the lingering demand led to a massive reseller market that some people estimate is over US$10 billion globally in value. 

Like much of retail during the 2010s, limited edition sneaker drops moved partly or wholly online. Sensing an opportunity, sneakerheads and resellers looked for the best chance possible of getting hold of these drops. 

They turned to “sneaker bots”.

Why are sneaker bots such a big deal? 

On big sneaker drops, most online retailers will have a system (usually a first-come-first-serve queue or randomised lottery) to ensure that everyone has a “fair” chance to purchase.

These systems, however, can be abused by sneaker bots, which exploit flaws in a website to give their users a better chance of purchasing shoes. In a lottery drop, for example, a bot may enter multiple tickets. In a queue, it can hold multiple places in the line and purchase from each one. By comparison, non-botters may only make one purchase. 

Sneaker bots aren’t illegal, but do often violate retailers’ terms and conditions of purchase. Nike’s terms, for example, do not allow reselling and let the company cancel purchases that bots make. 

Dealing with the bots themselves is easier said than done. Most sneaker bots use residential proxies to imitate the behaviour of normal users from household locations. Bots that use them are much harder to block than bots that use other types of proxies, as each request comes from a different IP. Moreover, most of these proxy solutions are self-healing, meaning that when one proxy network gets identified, the bot automatically connects to another. 

To make matters worse for retailers (and, by extension, their legitimate customers), sneaker botters will group together to avoid restrictions. For example, botters will scrape site APIs for availability information and then share it, making secret URLs unreliable. It’s not uncommon for presale “friends and family” lists to be compromised by botter groups, too.

It’s all part of a bigger culture. Some botters make money selling information, others from selling the bot software. Cash aside, many are in it for bragging rights, membership in an online community, or because it’s something to do. 

Whatever their motivations, it only takes a handful of sneakerheads with bot software to overwhelm your drop, squeezing out your loyal fans.

How to deal with bots: what works for us?

At CrowdHandler, we’ve dealt with a few sneaker bot attacks recently. In one recent shoe drop we were involved in, over 200,000 bots attempted to buy 360 pairs in just under one hour. We blocked all of them with a 100% success rate. 

Here are a few strategies that work for us: 

  1. Put all purchasers in a waiting room. It sounds simple, but it means that you can randomly distribute users into a queue or pick them out. This means that bots aren’t faster than humans.

  2. Add a captcha to the pre-waiting room. It’s a time-tested way to prevent bots from flooding queue spaces.

  3. Put in place protections to correlate orders to queue positions so that bots cannot skip the queue.

  4. Enable real-time cancellation of orders that do not line up with queue positions. This way, bots can’t overwhelm the site order process with a brute-force attack.

  5. Run bot detection software that identifies suspicious activity. Any anomalous sessions (such as those with unusually fast clicks or high traffic from a single IP) can then be flagged and banned. Our platform does this automatically.

  6. Track the order data to see if purchases are being ordered to the same physical address. Unlike tickets, you can’t ship sneakers virtually. This means that you can limit purchases to one per zip code. For example, you may see lots of ‘apartment numbers’ that all correlate to the same domestic address or even drop-shipping facility – a sure sign that someone is botting. 
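Strategies 3 and 4 can be sketched as a signed queue pass that the order service checks before accepting an order. This is an added example, not CrowdHandler's code; the names `issue_pass`, `verify_pass` and `OrderGate`, the pass format and the shared `SECRET` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: one server-side secret shared by the waiting room and order service.
SECRET = secrets.token_bytes(32)


def _tag(session_id: str, position: int) -> str:
    msg = f"{session_id}:{position}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_pass(session_id: str, position: int) -> str:
    """Waiting room: sign (session, position) when a visitor gets a place."""
    return f"{session_id}:{position}:{_tag(session_id, position)}"


def verify_pass(queue_pass):
    """Return (session_id, position) for a genuine pass, otherwise None."""
    try:
        session_id, position, tag = (queue_pass or "").rsplit(":", 2)
        position = int(position)
    except ValueError:
        return None
    expected = _tag(session_id, position)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return session_id, position


class OrderGate:
    """Order service: at most one order per admitted queue position."""

    def __init__(self, admitted_up_to: int):
        self.admitted_up_to = admitted_up_to  # highest position released so far
        self.used = {}  # position -> order id that consumed it

    def check(self, order_id: str, session_id: str, queue_pass) -> str:
        claim = verify_pass(queue_pass)
        if claim is None:
            return "cancel: forged or missing pass"
        pass_session, position = claim
        if pass_session != session_id:
            return "cancel: pass belongs to another session"
        if position > self.admitted_up_to:
            return "cancel: position not yet admitted"
        if position in self.used:
            return "cancel: position already used"
        self.used[position] = order_id
        return "accept"
```

Because the check runs when the order is submitted, an order that does not line up with a queue position is rejected immediately rather than reconciled after the drop.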
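The address check in strategy 6 needs normalisation first, otherwise varying ‘apartment numbers’ make one destination look like many. The following is an added example, not CrowdHandler's code; the order field names, the list of unit designators, the suffix table and the sample orders are all constructed for illustration.

```python
import re
from collections import defaultdict

# Unit designators that can be varied to disguise a single destination.
# Heuristic list (assumption); extend it for the markets you ship to.
UNIT_RE = re.compile(
    r"(?:\b(?:apt|apartment|unit|suite|ste|flat|rm|room)\b\.?|#)\s*[\w-]+"
)
# Common street-suffix abbreviations mapped to one spelling (assumption).
SUFFIX = {"st": "street", "ave": "avenue", "rd": "road", "dr": "drive"}


def normalise(street: str, zip_code: str) -> tuple:
    """Reduce a shipping address to (street without unit, 5-digit zip)."""
    s = UNIT_RE.sub(" ", street.lower())
    s = re.sub(r"[^\w\s]", " ", s)  # drop punctuation
    s = " ".join(SUFFIX.get(tok, tok) for tok in s.split())
    return s, zip_code.strip().split("-")[0]


def flag_clusters(orders, limit=1):
    """Return destinations that received more than `limit` orders."""
    groups = defaultdict(list)
    for order in orders:
        key = normalise(order["street"], order["zip"])
        groups[key].append(order["order_id"])
    return {key: ids for key, ids in groups.items() if len(ids) > limit}


# Constructed sample orders: three spellings of one building, one unrelated.
ORDERS = [
    {"order_id": "A1", "street": "12 Elm Street Apt 4B", "zip": "90210"},
    {"order_id": "A2", "street": "12 Elm St. #203", "zip": "90210-1234"},
    {"order_id": "A3", "street": "12 elm street, Unit 17", "zip": "90210"},
    {"order_id": "A4", "street": "98 Oak Avenue", "zip": "10001"},
]

if __name__ == "__main__":
    for destination, ids in flag_clusters(ORDERS).items():
        print(destination, ids)
```

Flagged clusters are candidates for review rather than automatic cancellation, since a genuine apartment building can legitimately receive more than one order.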

Set expectations

If you start blocking bots successfully, don’t be surprised if your limited edition drops take longer to sell out than you initially expected. Sneaker bots are one of the main reasons sneakers sell out so quickly. 

This is about setting clear rules. You are not trying to stop sneaker enthusiasts from getting their hands on your coveted pair, just levelling the playing field so that one or two don’t take all the stock. 

Therefore, you must balance short-term interests with long-term ones. Failing to deal with sneaker bots might make drops sell out more quickly, but you could lose loyal customers who don’t break the rules if it means they don’t have a fair chance of getting a pair. 

CrowdHandler lets you set clear expectations as to what the rules are and then enforce them. If you want to see how CrowdHandler blocks sneaker bots in action, sign up for free.