Evolution of Scalper Bots Part 4: New Bot Tactics vs. Anti-Bot Tools and Legislation
Welcome back to our Evolution of Scalper Bots series. In our last post, we explored how scalper bots expanded into new markets from 2010 to 2014. We saw the scalper bot industry rise and a technological arms race begin between developers and retailers.
As we delve into the period of 2015 to 2017, this battle intensifies. Scalper bots become more sophisticated, retailers implement new countermeasures, and legal challenges emerge. In this post, we’ll explore the evolution of scalper bots during this era. We’ll examine new technologies, tactics, and legal attempts to curb scalper bot usage. We’ll also see how the landscape evolved, leading to the Escalation and Anti-Bot Bypass Era.
Introduction of the BOTS Act and Its Impact on Scalper Bots
In 2015, the online ticket sales landscape was undergoing a major transformation due to the pervasive influence of scalper bots. The high-profile Wiseguy Tickets case, covered in Part 2, put scalper bots in the spotlight. It created a blueprint for other scalping operations.
Ethical complexities became evident when the Tennessee Titans worked with a ticket scalping company in 2015. They aimed to maintain their sellout streak, raising questions about event organizers supporting scalping. Legislators responded by proposing the Better Online Ticket Sales (BOTS) Act in 2016. It became federal law, marking the first major federal effort to crack down on scalper bots in ticket scalping.
The BOTS Act bans automated programs, or scalper bots, that bypass ticket website security to bulk-buy tickets for resale. However, the BOTS Act had two main drawbacks. First, it focused narrowly on ticket scalping, leaving other forms like streetwear, fashion, and retail unaddressed. Second, enforcement was difficult. The first successful legal case against scalper bots came five years after the Act. These shortcomings highlighted the complexities of regulating the ever-evolving world of scalper bots and online scalping.
Despite the BOTS Act, the ticketing industry continued new initiatives to fight automated ticket buying via scalper bots. In 2017, Ticketmaster introduced the ‘Verified Fan’ program. Fans had to sign up for approval before buying tickets. It worked well for Bruce Springsteen’s “Springsteen on Broadway” tour. Tickets relisted dropped from 7–20% to 3%. Its success encouraged big names like Foo Fighters, Harry Styles, and Taylor Swift to adopt similar systems. They involved fans more, making it harder for scalper bots to succeed.
New Targets and Resale Markets Emerge for Scalper Bots
While scrutiny on ticket scalping increased, a separate group of scalpers was expanding their use of scalper bots into new markets. These were sneaker and streetwear botters. They capitalized on the rise of brands like Supreme and Yeezy. These brands released products in limited quantities to increase hype, making them prime targets for scalper bots.
For example, the RSVP Sniper bot developer made $250,000 from Supreme’s Air Jordan 5 release in 2015. Supreme Saint bot developers made $20,000 in five seconds from that drop. They charged $100 per pair purchased via their bot. Meanwhile, new resale platforms were launching, giving scalpers more ways to sell items acquired via scalper bots. In July 2015, GOAT was launched to address the issue of counterfeits in the rare sneaker resale market. The following year, StockX was launched with the aim of being the “stock market for things.” Both platforms offered item verification, unlike eBay, increasing buyer confidence in purchasing high-value items procured via scalper bots.
Scalper Bots Scale Up in the Sneaker Industry
An interesting dichotomy had now emerged in the scalping landscape. Due to the BOTS Act, ticket scalpers using bots faced higher risks and potential legal consequences. As a result, they withdrew into the shadows. Streetwear scalpers, not affected by the BOTS Act, engaged in a public arms race. Bot developers advertised success rates on Twitter.
Bot users wanted more than an advantage over humans; they needed to beat other bot users. As a result, scalper bot technology evolved in search of speed and scalability. Initially, Chrome extension bots like HeatedSneaks and Nike Shoe Bot (NSB) dominated the market. These bots integrated into a user’s browser, offering simplicity and accessibility. However, their limitations became apparent. They lacked advanced features like multi-threading and autonomous completion of the scalping process. These limitations led to the rise of full desktop application scalper bots.
Popular bots like NikeSlayer, Better Nike Bot, Another Nike Bot, and EasyCop Bot offered enhanced features and greater flexibility than extensions. These desktop bots could “do everything,” including adding items to cart, setting up profiles, and storing credit card info. Even NSB moved from Chrome extensions to desktop bots to stay competitive.
The shift to desktop scalper bots coincided with the increasing adoption of cloud computing in the scalping community. Cloud services made it possible for scalpers to scale up their infrastructure on demand. Scalpers could now theoretically launch unlimited tasks; the limiting factor was no longer technological. However, an innovation in the payments industry allowed this scalability to be realized practically.
In 2015, a new start-up, Privacy.com, was founded, aiming to bring Virtual Credit Cards (VCCs) to the mainstream. These are temporary payment card numbers that protect your real payment card details. Scalpers could generate a new card for each task, achieving a 1:1:1 ratio: one bot task, one profile, one billing. VCCs were later adopted by other challenger banks like Revolut.
The Birth of Advanced Bot Management Solutions
As scalper bot technology continued to innovate, retailers and platforms scrambled to develop effective countermeasures. CAPTCHA remained the default defense against scalper bots. Most retailers used it as their primary countermeasure. However, its effectiveness was increasingly called into question.
In 2014, Google researchers reported that AI could break the toughest CAPTCHA images with a 99.8% success rate. Scalpers didn’t need advanced AI to circumvent CAPTCHA. They could just turn to CAPTCHA farms, where human workers solved CAPTCHAs for them. Use of CAPTCHA farms rose between 2015 and 2017, likely because retailers used more CAPTCHA to block bots.
Recognizing CAPTCHA’s limitations, a new industry was forming to develop alternative solutions to combat scalper bots. Google introduced a “No CAPTCHA reCAPTCHA,” using algorithms to monitor user behavior before presenting a CAPTCHA. One startup introduced “ShapeShifter,” which tried to stop scalper bots by regularly changing website source code. Others used fingerprinting techniques to identify and block scalper bots.
Major retailers like Nike and Adidas overhauled their high-value sneaker release strategies to combat scalper bots. In 2015, Nike introduced SNKRS, and Adidas launched Confirmed to manage high-demand releases. These platforms used raffle systems, making it harder for scalper bots to secure limited-release items.
By 2016, attention had moved to Adidas’ line of Yeezys. Adidas implemented HMACs (hash-based message authentication codes) to secure their drops against scalper bots. This initially seemed to be an effective deterrent. However, the game of cat-and-mouse continued. AIO Bot rapidly built the “HMAC Destroyer” to circumvent this defense. Developers shared Adidas HMAC endpoints, allowing others to create workarounds.
This ongoing technical arms race showed just how persistent scalpers and bot developers can be. Retailers’ new defenses were often temporary; scalpers quickly overcame them with creativity and determination.
Coming Up Next Time: The Escalation and Anti-Bot Bypass Era
That concludes this week’s episode. We’ve explored the evolution of scalper bots, setting the stage for the “Escalation and Bypass Era.” This next era showcases the professionalization of the scalper bot industry, featuring the rise of cook groups and more sophisticated bot networks. Join us in our next installment as we continue this fascinating story of the evolution of scalper bots.
