Finance glossary

What is a sneaker bot?

Bristol James

A sneaker bot is a software application that automates the process of purchasing limited-edition sneakers from online retailers.

These bots are programmed to:

  • Detect new sneaker releases.
  • Add products to a shopping cart, and
  • Automate the checkout process.

Sneaker bots offer a competitive advantage because they complete this process faster than a human could manually. This enables buyers to secure desirable shoes and resell them at inflated prices on secondary markets.

One estimate predicts that the worldwide sneaker resale market will be worth $51.2 billion by 2032 with a CAGR of 16.4%.

How do sneaker bots work?

To start, users input their details (such as bank account information and address) into the bot, which then targets specific websites or products with certain URLs or keywords.

Information is also scraped from the internet about sneakers, such as their price, stock keeping unit (SKU) number as well as the date and time of their release.

Once active, sneaker bots can refresh the product page continuously, detect when shoes become available and make rapid-fire purchases. Other bots will add multiple pairs of sneakers to their carts to reduce inventory and prevent other users from buying them.

An overview of how sneaker bots work (Source: IndusFace)

Proxy servers

Proxies mask the bot’s true IP address and route traffic through different locations to make it appear as if it comes from unique users.

More sophisticated proxies can also mimic human behaviour. For instance, they may browse the sneaker website for a long time before making a purchase or add items to a cart and then abandon them.

Since each “user” has a different IP address and behaves like a human, the sneaker bot can avoid detection and circumvent any anti-bot measures the retailer has in place.

Multiple accounts

Bots also create hundreds or even thousands of user accounts with distinct email addresses, payment details and addresses to bypass site purchase limits.

This technique – which is sometimes referred to as multithreading – allows the bot to simulate numerous individual customers without triggering the retailer’s detection system.

Sneaker bot examples

Some shoe bots target specific brands or platforms such as Nike, Adidas or Shopify, and some are designed to work across multiple sites.

The most capable bots can secure a pair of shoes in under a second, which substantially increases the bot operator’s chances of obtaining a pair before they sell out.

Some examples of sneaker bots include:

  • NikeShoeBot (NSB) – an entry-level bot that can buy shoes from any Shopify website. NSB was also the first to incorporate AI to help solve CAPTCHA forms.
  • Wrath AIO – for experienced sneakerheads, Wrath AIO can be used across sneaker stores such as Footsites (which encompasses all brands under the Foot Locker company), Supreme and Shopify.
  • Kodai – another sneaker bot with an excellent user interface and the ability to also purchase from the Adidas official store.

Five common types of sneaker bots

Sneaker bots vary based on their purpose, with each type impacting both consumers and businesses differently.

Let’s take a look at five of the most common.

1 – Scraping bots

Scraping bots, as we mentioned earlier, scrape the internet to collect data on a sneaker’s price and release date. Bots can also automatically alert resellers as soon as inventory levels of a particular sneaker are replenished.

2 – Account creation bots

The sole purpose of these is to bypass account-based purchase restrictions. To do this, users instruct the bot to create new accounts in bulk based on a list of email addresses.

3 – Raffle bots

Raffle bots target the raffle-based sales models that retailers adopt to avoid bot purchases. In short, bots enter competitions numerous times under different aliases and, as a result, skew the odds of winning in their favour.

4 – First-come-first-serve (FCFS) bots

Otherwise known as checkout bots, FCFS bots can complete a purchase within milliseconds of sneaker drops.

Since these bots are often in competition with other bots, they make as many purchase attempts as possible to secure the sneakers.

5 – Cashing out bots

After a pair of sneakers has been purchased, cashing out bots automatically list them on resale platforms.

These reseller bots create attractive product ads that appeal to sneaker fans who missed out on the initial launch. To maximise profit, bots also have the capacity to adjust prices based on market demand and monitor competitor prices.

Business implications of sneaker bots

Reduced revenue and customer retention

While bots create short-term sales spikes for sneaker companies, the long-term impact on revenue and customer retention is more substantial.

But why should a company care whether its sneakers are purchased by a bot or a customer? The most obvious reason is that a bot cannot form a relationship with a brand.

Buyers who are consistently outbid by bots become disheartened and take their business elsewhere. The fact that sneakers are often resold at exorbitant premiums may further erode the relationship a customer has with a brand.

Businesses also suffer a decrease in revenue because they cannot capitalise on the full purchase price (or value) of the sneakers.

Reduced website performance

The heavy traffic load generated by bots can overwhelm servers and cause slow load times or even site crashes.

In a case study of a sneaker launch in 2023, it was reported that bot traffic peaked at 2,163 times the level of human traffic and was responsible for 8 million transactions per hour.

The impact of sneaker bots on website performance in the above example resembled that which occurs in a distributed denial-of-service (DDoS) attack.

Increased operational and security costs

Protection from sneaker bots requires continuous investment in advanced security measures such as bot detection software, CAPTCHA and multi-factor authentication (MFA).

What’s more, businesses must also factor in the cost of server maintenance and infrastructure improvements to handle sudden traffic spikes.

For many, this becomes an expensive and ongoing arms race to stay ahead of bot developers who are motivated to constantly refine their tools and evade detection.

How can a business protect itself from sneaker bots?

To address the financial and reputational risks of sneaker bot attacks, businesses have adopted several measures.

Real-time detection

Advanced anti-bot software employs AI and machine learning (ML) to analyse traffic patterns.

These tools detect unusual behaviour (such as rapid page requests or identical browsing patterns) to identify potential bot activity and block suspicious traffic in real-time. Others analyse lists of IP addresses previously used by sneaker bots to prevent account creation.

Brands and retailers that drop sneakers can also add their own custom rules and detection logic. For instance, they can block accounts from certain countries and force JavaScript execution to differentiate between bots and the browsers of legitimate users.
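As an added illustration (not code from this article or from any anti-bot product), the Python example below applies the three signals described above to a retailer's request log: rapid page requests, identical browsing patterns shared by several IP addresses, and a list of previously abusive IPs. The function names, thresholds and sample events are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed sample events: (unix_seconds, client_ip, request_path).
# IPs come from documentation ranges (RFC 5737); none are real clients.
EVENTS = (
    # One client refreshing the product page five times per second.
    [(1000 + i * 0.2, "198.51.100.7", "/product/sku-123") for i in range(30)]
    # Three "different" clients walking exactly the same path sequence.
    + [(1000 + n + step * 2, ip, path)
       for n, ip in enumerate(["203.0.113.10", "203.0.113.11", "203.0.113.12"])
       for step, path in enumerate(["/", "/product/sku-123", "/cart/add", "/checkout"])]
    # A human-like shopper browsing slowly.
    + [(1000, "192.0.2.50", "/"), (1030, "192.0.2.50", "/new-arrivals"),
       (1095, "192.0.2.50", "/product/sku-123")]
)
DENYLIST = {"203.0.113.12"}  # constructed list of previously abusive IPs

def rapid_clients(events, window=5.0, max_requests=10):
    """IPs that sent more than max_requests within any window-second span."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, _ in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) > max_requests:
            flagged.add(ip)
    return flagged

def identical_patterns(events, min_ips=3, min_steps=3):
    """IPs whose full ordered path sequence is shared by >= min_ips clients."""
    paths = defaultdict(list)
    for _, ip, path in sorted(events):
        paths[ip].append(path)
    groups = defaultdict(set)
    for ip, seq in paths.items():
        if len(seq) >= min_steps:  # ignore sequences too short to compare
            groups[tuple(seq)].add(ip)
    return {ip for ips in groups.values() if len(ips) >= min_ips for ip in ips}

def classify(events, denylist):
    """Map each flagged IP to the list of reasons it was flagged."""
    reasons = defaultdict(list)
    for name, ips in (("denylisted", denylist & {e[1] for e in events}),
                      ("identical_pattern", identical_patterns(events)),
                      ("rapid_requests", rapid_clients(events))):
        for ip in ips:
            reasons[ip].append(name)
    return dict(reasons)
```

Shoppers behind a shared office or mobile-carrier address can trip the rate rule, and many genuine customers follow the same short path to checkout, so these flags are better used to trigger a challenge (CAPTCHA, queue, MFA) than an outright block.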

Zero-trust protocols

Other tools use zero-trust protocols, which means they use strict verification processes for all users.

The success of the zero-trust approach (and the various technologies that support it) rests on the assumptions that:

  1. Legitimate users are already compromised. Therefore, it’s important to authenticate all users to determine whether they’re malicious.
  2. Credentials are not enough. Even if authentic credentials are used, the user themselves may not be authentic. Credential stuffing attacks – where stolen account credentials are used to obtain access to unrelated services – comprise up to 90% of all login traffic.
  3. Change is constant. The zero-trust approach also rejects the idea that once a user is verified, there is no risk. Constant vigilance is needed to protect against session hijacking and other attacks.

Limited-access launches

Brands like Nike and Adidas have experimented with exclusive, invite-only releases or in-app reservations to limit the influence of sneaker bots.

This approach offers a controlled environment where retailers can manually verify participants to some extent, reducing bot penetration and improving customer satisfaction.

Nike drops sneakers on its exclusive SNKRS app where users need to satisfy a number of verification steps. While bot access has been made more difficult, the company says that bot accounts nonetheless comprise up to 50% of all users and that 12 billion bots are banned each month.

Are sneaker bots legal?

In Australia and indeed many other countries, sneaker bots operate in a legal grey area. Currently, there aren’t specific laws prohibiting the use of sneaker bots for online retail.

However, sneaker bots often breach the terms of service set by eCommerce platforms and major brands.

Retailers may also have obligations that relate to:

  • Demonstration of fair competition and access to goods.
  • Contracts with brands or manufacturers.
  • Consumer protection.
  • Compliance with anti-fraud measures, and
  • Anti-scalping rules.

Summary:

  • Sneaker bots are automated tools used to purchase limited-edition sneakers from online retailers. Designed to mimic human users, these bots can complete the buying process in a matter of seconds.
  • The use of sneaker bots is questionable, and they have several negative impacts on brands and retailers. These include reduced customer retention and revenue, a decrease in website performance and increased operational and security costs.
  • Real-time tools that utilise AI and ML can protect businesses from sneaker bot activity. Zero-trust protocols and limited access to new sneaker drops can also be effective.
