In our previous blogs (Part 1 and Part 2), we discussed the world of sneaker bots, hype sales and the damage that these bots are causing both to consumers and retailers. However, during the 2020 holiday season, sneaker bot operators expanded their list of targeted merchandise. They started to offer features to purchase the most desirable gifts for 2020/2021: the PlayStation 5 and the Xbox Series X consoles. Fittingly, because this new phenomenon left so many teenagers disappointed, the bots were nicknamed the Grinch Bots.
In the sneaker industry, supply of a new, unique release is typically very limited — usually only a few hundred to a few thousand pairs are offered to the public. In the case of a PlayStation 5 or Xbox release, hundreds of thousands of consoles are available at launch — but the products are more popular and therefore have higher demand. From the traffic we have observed on our customers’ sites, we can see a shift in the behavior of the attackers — websites that weren’t targeted before are being targeted heavily, while we do not see a decrease in the bots going after sneakers only.
This shift implies that the scalpers have changed their state of mind and are no longer just chasing after niche groups of valuable items. Now they’re after big money in the mass market. The retail price of a PS5 was between $400 and $500 on eBay, Amazon and other large stores, and the resale price marked up to as much as $1,800. So a scalper who, as in this case, got their hands on dozens of consoles could make profits summing up to thousands of dollars.
The difference between a sneaker sale and a console sale is also reflected in their duration, and in the speed at which consumers must react and purchase. Sneaker sales end in about 30-90 seconds, while console sales last approximately 20-30 minutes. Another difference is the prevalence of restocks in console sales, which average between 2-5 restocks per sale. Both kinds of events bring a huge mass of traffic with them, and during the latest releases of PS5 stock, PerimeterX processed a skyrocketing number of requests, with peaks reaching 1.5 million requests per second.
This is, of course, a consequence of the number of available items.
Figure: A sneaker hype sale duration
Figure: A PS5 hype sale duration including restocks
Figure: Distribution of legitimate and malicious traffic during a PS5 hype sale
As noted above, given the huge popularity of game consoles, a lot of people got upset when they realized that the reason for the consoles’ unavailability is actually scalpers, who get away without punishment. Due to the public interest in this case, the issue was brought up to politicians who suggested prohibiting the resale of PS5 and Xbox, as was implemented in the Scottish parliament.
Monitor Bots: The Foundation of a Successful Operation
Monitor bots play a crucial role in the scalping world. These bots constantly scan retailers’ websites in order to catch the very beginning of the sale and get ahead of innocent buyers. As you can see in the screenshot below, one can find the direct links to the product page, the available remaining stock, and even the stock keeping unit (SKU) number. These live updates are mostly posted on Discord channels, to which access is subscription based.
Figure: A monitor tool update on a live Xbox release
Moreover, these bots can even bypass the conventional purchase flow, redirecting the bot’s operators to the checkout page. Because the monitor bots can support the all-in-one (AIO) bots, their price is up to $700 per license, where a regular AIO bot’s price is about half of that. The list of dominating services in this world consists of tools like Hawk AIO, Zephyr AIO, Snatch and Thunder Solts.
Figure: A monitor tool update on a live Nike shoe release
Part of the monitor bots’ mechanism is to obtain a valid cookie and to use it to scrape the retailer’s website inventory while impersonating a legitimate user pattern. Moreover, the bots are equipped with CAPTCHA-solving solutions, which make it harder to stop them from purchasing. In the graph below, you can see one of the many periodic patterns that these bots follow. The primary goal of this periodicity is to feed their supported bots and platforms with the most current availability of the goods.
Figure: A monitor tool traffic pattern identified by PerimeterX
Figure: Snatch’s monitor dashboard with its capabilities
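To make that periodicity signal concrete, here is an added example (not PerimeterX’s detection code) that scores each client cookie by how regular its inventory polling is: it groups inventory requests per cookie, computes the inter-arrival gaps, and flags cookies whose gaps have a very low coefficient of variation. The log line format, the `cid=` cookie field, the `/api/inventory` path and the sample traffic are all constructed assumptions for the demonstration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(r"^(\S+) cid=(\S+) (\S+) (\S+)$")   # assumed log layout
INVENTORY_RE = re.compile(r"^/api/(inventory|stock)\b")  # assumed inventory endpoints

# Constructed sample traffic: mon-01 polls stock every 5 s like a monitor bot,
# shopper-7 checks stock at irregular, human-looking intervals.
SAMPLE_LOG = """\
2020-12-01T10:00:00Z cid=mon-01 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:00:05Z cid=mon-01 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:00:10Z cid=mon-01 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:00:12Z cid=mon-01 GET /product/ps5-disc
2020-12-01T10:00:15Z cid=mon-01 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:00:20Z cid=mon-01 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:00:01Z cid=shopper-7 GET /product/ps5-disc
2020-12-01T10:00:38Z cid=shopper-7 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:00:42Z cid=shopper-7 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:02:01Z cid=shopper-7 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:03:30Z cid=shopper-7 GET /api/inventory?sku=PS5-DISC
2020-12-01T10:04:00Z cid=shopper-7 GET /cart
"""

def parse(log_text):
    """Yield (timestamp, client id, path) for inventory requests only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, cid, _method, path = m.groups()
        if INVENTORY_RE.match(path):
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), cid, path

def periodic_clients(log_text, min_requests=4, max_cv=0.2):
    """Return {cid: (count, mean_gap_s, cv)} for clients polling at a near-fixed cadence."""
    times = defaultdict(list)
    for ts, cid, _path in parse(log_text):
        times[cid].append(ts)
    flagged = {}
    for cid, stamps in times.items():
        if len(stamps) < min_requests:   # too few samples to judge cadence
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # coefficient of variation: 0 means perfectly regular; a burst of identical
        # timestamps (mean 0) is treated as regular as well
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            flagged[cid] = (len(stamps), round(mean, 1), round(cv, 3))
    return flagged
```

The thresholds are starting points; in practice the cadence score is one signal combined with cookie reuse, CAPTCHA-solve timing and endpoint mix rather than a blocking rule on its own.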
The Benefits of Outsourcing Sneaker Bot Protection
Fighting sneaker bots in-house can cost a lot of money and work hours. Rather than waiting for reselling to become illegal worldwide, it is more efficient to outsource the detection and mitigation process of these attacks to a solution provider.
At PerimeterX, we have a long history of working with retailers who face sneaker bot attacks, and we are constantly tracking the new developments in this world and blocking these malicious requests. Now, especially post-COVID, we expect to see sneaker bots targeting more and more items in their lists, and we are here to fight them.