Dictionary

Sneaker Bot

What Is a Sneaker Bot?

A sneaker bot is a piece of software created to help people purchase sneakers. Sneaker bots (also known as shoe bots) enable buyers to access limited edition and sought-after sneakers ahead of the masses by using a series of automated processes. The result is that buyers can enjoy the kudos of having snagged a pair of rare kicks for themselves, or – more often – unscrupulous competitors can sell them on at an inflated price.

The global sneaker market is growing fast. It is expected to reach a value of $106.6 billion by 2027, up from $59.16 billion a decade earlier. With the sneaker resale market worth over $10 billion, there are plenty of opportunities to make a profit. Limited edition sneakers often sell for two to five times their original sale price on resale sites.

As firms explore new avenues for producing limited edition trainers – often with eye-watering price tags – sneaker bots have become increasingly widespread and sophisticated. Bots now account for at least 20% of ecommerce site traffic. However, when new sneakers drop, that figure can jump shockingly high – sometimes by as much as 99%.

Online communities have also sprung up to support sneaker botting. Known as cook groups or cookgroups, they help users to access information (such as product URLs), exchange information, discover free tools, and maximize their profits from reselling the sneakers they purchase.

How Do Sneaker Bots Work? 

Sneaker bots work in a variety of ways. To make sneaker bots work, the user has to enter information, such as names, addresses and payment details. They also need to define what they want the bot to purchase, using keywords or product URLs.

We’ll look at some detailed examples below, but in essence, sneaker botting involves automating tasks that humans would naturally perform when searching for and/or purchasing footwear online. The bots can perform tasks such as scanning inventories and checking out much faster than human shoppers, giving an unfair advantage to those using sneaker botting to get hold of the latest editions; that’s why software such as device fingerprinting is used to help aid detection of sneaker bots.

Guide to Bot Attacks & How to Stop Them

Learn more about how bot attacks are performed, attack types, and how to avoid them.

Read here

Are Sneaker Bots Illegal? 

No, sneaker bots aren’t illegal. However, their use violates many ecommerce sites’ terms and conditions and many stores proactively combat their use.

Because sneaker bots are legal, those who create and supply them can advertise and sell their products openly. 

Types of Sneaker Bot 

What are sneaker bots designed to do? Essentially, they perform one or more automated tasks that mean users can get in ahead of shoe buyers who aren’t using bots. Let’s look at some examples.

Sneaker Scraping Bot

One of the simplest sneaker bots is the scraping bot. This bot scrapes webpage inventory information from URLs. Buyers can use it to scrape information including stock, prices, and other details. By doing so, they can ensure they are one of the first to know when a certain type of sneaker comes into stock.

Denial of Inventory Bots 

Some sneaker bots don’t just aid the person shopping for sneakers to make a quick purchase but they also deliberately deny others the opportunity to buy that same target product. This is the case with denial of inventory bots, which hoard sneakers in online shopping carts so that others can’t buy them – in other words, genuine shoppers’ access to the inventory is denied.

Some of those using inventory denial bots don’t check out: They fill up carts so that the items show as being out of stock. This can push genuine customers to look elsewhere, such as on resale sites.

Others do check out, thus getting around any item number limits on per-customer purchases, often while using Buy Online, Pick Up In-Store services.

Account Creation Sneaker Bots

Buying sneakers online requires shoppers to create accounts. Account creation bots can enable unscrupulous buyers to do this at scale. Disposable email addresses are ideal for this, with bots able to use them to create accounts rapidly and in bulk.

Account Takeover Sneaker Bots

While account creation bots set up new accounts, account takeover bots hack existing ones. They access victims’ accounts in two ways:

  • Credential cracking account takeover bots use one known credential (such as a username or email), then combine it with different values for the other required credentials until they crack into the account.
  • Credential stuffing bots take username and password lists (often obtained on the dark web) and use them to try to log in to ecommerce sites.

In both cases, the hacker takes over a legitimate account and uses it to make their sneaker purchase(s).

Footprinting Bots

Footprinting sneaker bots have the power to access new sneaker drops even before the involved ecommerce sites make them publicly available. They do this by scanning, probing, and searching for live URLs that are not yet public.

Sneaker Scalper Bots

Scalper bots lurk on ecommerce sites, ready to spring into action the moment new shoes drop. The bot continually refreshes the product page and then fills the shopper’s cart and purchases the sneakers at lightning speed as soon as they come into stock.

Cashing Out Bots 

Cashing out bots are the final tool for many of those profiting from sneaker botting. They can validate stolen credit card credentials when the shopper buys their products.

Datacenter Proxies

Many sneaker bots make use of datacenter proxies so that they appear as different users making individual purchases. This gets around ecommerce sites’ restrictions on the number of pairs of shoes that an individual can purchase, which are often in place for limited edition and sought-after sneakers.

Examples of Sneaker Bots Used 

Because sneaker botting isn’t illegal, those producing bots can openly advertise and promote them. This means it’s easy to see examples of the bots used to disrupt the fair sale of new sneakers. Let’s look at some sneaker buyers’ favorites.

Sneaker BotFunction
Nike Shoe BotThis bot is easy to use and highly popular with those who are new to sneaker botting. It works on Windows and macOS, and it targets sneakers sold on Shopify, Supreme, Demandware-hosted sneaker sites, and Footsites (sites under the Foot Locker brand).
KodaiOne of the pricier sneaker bots, Kodai is also one of the most feature-rich, with a dashboard, release calendar, and personal analytics page for sneaker buyers with a penchant for making data-driven decisions.
WrathThis all-in-one (AIO) bot is known for eluding anti-bot security mechanisms and takes just minutes to set up. It targets Shopify, Supreme, and US Footsites.
AIO BotParticularly favored by those buying Yeezy, Dunk, Jordan, and Nike SNKRs shoes, AIO Bot targets upwards of a hundred websites, boasting an intuitive user interface and user experience for both Mac and Windows users.
PrismAnother AIO bot, Prism targets Shopify, Supreme, and some Footsites, using a release calendar to help sneaker buyers never miss a drop.
TrickleThe Trickle bot targets Walmart and Best Buy, as well as the usual outlets like Shopify.
ValorValor is popular with those buying sneakers from FinishLine and JD Sports, as well as Shopify and Footsites.
MEKpremeDesigned to target Supreme, MEKpreme is known for battling anti-bot measures, including CAPTCHA codes.

Risks and Consequences of Sneaker Bots 

What is sneaker botting to retailers? It carries a range of risks and consequences, from loss of revenue and customers to brand reputation damages.

The fiasco that sneaker bots caused to the launch of the collaboration between Strangelove Skateboards and Nike SB Dunk Low is a good example of the consequences of sneaker botting. Footprinting bots found the sellers’ web URLs before they were made public, causing such havoc that the original launch was canceled entirely the evening before the drop was due to take place.

This perfectly highlights some of the potential consequences of sneaker botting:

  • Loss of revenue: The cost of setting up a sneaker launch, before then having to sort out the bot-created mess and a later relaunch date all have to come out of the sneaker makers’ profits. Bots that prevent genuine customers from making purchases also drive revenue away from sneaker sellers and into the arms of resellers.
  • Loss of customers: Shoppers who can’t make a purchase because the sneakers they want are out of stock will take their business elsewhere.
  • Reputational damage: Products that are constantly out of stock result in irritated customers with a lower opinion of the brand.
  • Poor website experience: Bots can slow down websites noticeably, resulting in a poor user experience for genuine customers. At the same time, they can also result in higher costs for retailers, with automated traffic creating spikes that eat up costly bandwidth.
  • Unreliable analytics Many ecommerce sites rely on their analytics to make data-driven decisions. Bots can wreak havoc with that data.
End-to-End Bot Detection Platform

Discover the best solution to protect your business against bot attacks.

Discover here

How Can Businesses Prevent Sneaker Bots? 

Businesses have plenty of resources and strategies in their armory when it comes to preventing sneaker bots from denying new footwear to genuine customers. Let’s look at a few of the latest techniques.

Digital Fingerprinting Bots

Digital fingerprinting enables retailers to track users through their fingerprints, using information such as their IP address, browser type, cookies, browser extensions, and more. They can flag suspicious users as well as identify known, genuine customers.

Use Bot Mitigation Software to Flag and Monitor Sneaker Bots

Sneaker bots imitate human behavior but with certain key differences. For example, bots will click on links and visit different pages, all without any mouse or trackpad movements. They will also make requests, such as refreshing and adding to a cart, at faster-than-human speeds. This means that retailers can use bot mitigation software to identify activity that is likely to be sneaker bots at work.

Block Known Sneaker Bot Traffic 

Once ecommerce sites have identified bots, they can put measures in place to block them from accessing their web pages. These could include using rate limiting to block multiple users with the same IP address or enforcing the use of CAPTCHA codes, which can be a stumbling block for some sneaker bots.

Filter Bots with Traffic Management 

Filtering tools can also help stop sneaker bots. Retailers who implement them as part of comprehensive bot management solutions and cloud-based solutions can benefit from the use of machine learning in fighting bots.

Manual Auditing of Sneaker Bot Traffic 

In addition to bot management solutions, retailers can add human oversight into the mix. IT security teams can manually audit traffic, looking out for examples of suspicious activity and responding appropriately. Though effective, this can also be very time-consuming.

These are some of the many approaches that businesses can take to prevent sneaker bots and their activities. However, just like other bots, sneaker bots are subject to new developments, so organizations should keep their eyes out for new and better approaches to fighting back against the rise of the bots!