
Inventory hoarding and scalper bots: the Grinch-bot arms race

Copyright: MIT

A limited-edition sneaker drops at 10:00:00. By 10:00:01 it is gone, and by the afternoon it is on a resale site at three times retail. The product page never lied about stock. There were a few thousand pairs, and a few thousand transactions cleared. The problem is who, or what, those transactions belonged to. During a single drop of a hyped sneaker, one bot-management vendor measured automated traffic at 97 percent of all hits on the page. The humans were the rounding error.

That is the puzzle this post is about. A scalper bot does nothing a human could not do in principle. It loads a page, adds an item to a cart, fills in a card, clicks buy. It just does all of that in a fifth of a second, from hundreds of accounts at once, behind hundreds of IP addresses, and it never gets bored or makes a typo. The whole contest between retailers and resellers comes down to telling those two populations apart at the exact moment of a sale, when the site is under the heaviest load it will see all year and has milliseconds to decide. Below is how the bots are built, what the law in the United States actually prohibits (less than you would think), and the defenses that have grown up around the problem: queues, raffles, and the bot-management stacks that try to score every request before it touches checkout.

Here is the route. First the anatomy of a scalper operation, the monitor, the proxies, the CAPTCHA harvester, the checkout module, and how they fit together. Then the specific tactic of denial of inventory, where the goal is not to buy but to make the shelf look empty. Then the legal picture: the BOTS Act of 2016, its first and so far only enforcement actions, and why the Stopping Grinch Bots Act keeps getting reintroduced and keeps dying. Then the defensive side, layer by layer, from rate limits up to virtual waiting rooms and raffles. And finally an honest read on where the arms race actually sits in 2026.

The anatomy of a scalper operation

A modern scalper setup is not one program. It is a small toolchain, and the parts are sold separately by different vendors, which tells you something about how mature the market is. There is the bot itself, the proxies, the CAPTCHA-solving layer, the accounts, and the server you run it all on. Cook groups, paid Discord and Telegram communities, sell the glue: release calendars, early links, proxy recommendations, and configuration files tuned for a specific drop.

Start with the monitor. Before a product is purchasable, the bot has to know the instant it becomes purchasable, and “the instant” here means hundreds of milliseconds, not seconds. So a monitor module polls the target relentlessly. Sometimes that is the product page, sometimes a backend inventory or variant API that the page itself calls. The bot watches for a state change: an out-of-stock flag flipping, a variant ID appearing, a checkout button becoming active, a price field populating. Some bots go further and footprint, probing for unpublished product URLs and hidden variant IDs before the public launch, so the add-to-cart request can fire against a known endpoint the moment stock is allocated. Nike Shoe Bot’s own marketing claims it was among the first to introduce restock monitors, which is the kind of thing a vendor brags about in this market.

When the monitor trips, the checkout module takes over. This is where the speed claims come from. The bot does not navigate the site like a person clicking through pages; it replays the minimal sequence of HTTP requests that a successful purchase requires. Add to cart, set shipping, set billing, submit payment. Cybersole, a first-come-first-served checkout bot, advertises over three million successful checkouts and 250-plus supported retailers, which gives a sense of the scale a single tool reaches. The often-quoted figure is a checkout completing in around 0.2 seconds. Whether any particular drop is that fast depends on the retailer’s own latency, but the direction is clear: the bot is bounded by the server’s response time, not by human reaction or typing speed.

[Figure: A scalper toolchain, end to end. Monitor (poll for stock) → Task engine (N tasks in parallel) → Checkout (replay HTTP flow) → Orders. A proxy pool (residential IPs) and a CAPTCHA layer (harvested tokens) feed the same tasks; one operator runs hundreds in parallel.] *The modules are sold separately and assembled per drop. The task engine fans out across many accounts and proxies; the proxy pool and CAPTCHA layer feed every task.*

Two supporting modules make the parallelism work. The first is the proxy pool. A retailer that sees two hundred checkout attempts from one IP in one second will block that IP instantly, so the operator spreads tasks across many addresses. Datacenter proxies are cheap and fast but easy to flag by ASN; residential and mobile proxies route through real consumer ISP addresses and look far more like ordinary shoppers. Imperva’s 2024 measurement attributed roughly a quarter of bad-bot traffic to residential ISPs, which is the whole reason proxy vendors can charge a premium for that class of IP. The economics of why one address class costs ten times another are the subject of residential vs datacenter vs mobile proxies, and how defenders score the ASN reputation behind them is covered in residential proxy and ASN detection.

The second is the CAPTCHA harvester. When a site gates checkout behind reCAPTCHA, the bot needs a valid token, and solving one inline costs precious seconds. So harvesters pre-warm. They open many browser sessions logged into Google accounts ahead of the drop, because a reCAPTCHA score for a session with real Google cookies and history tends to come back clean, and they bank the resulting tokens so the checkout module can spend one the instant it is needed. This is why the underlying scoring matters so much; the design of that 0.0-to-1.0 verdict is the subject of reCAPTCHA v3 scoring. The harvester does not break the CAPTCHA so much as front-run it, accumulating valid answers before the clock starts.

The accounts are their own resource. Most retailers cap purchases per account, sometimes per shipping address or per card. So an operator who wants forty pairs spins up forty accounts, each with its own plausible identity, and that demand feeds directly into the fake-account economy covered in fake-account creation at scale. The card side overlaps with carding and the bot economy, where stolen and gift-card balances get tested and spent in the same automated way. None of these pieces is exotic on its own. The skill is in the assembly and the tuning, which is exactly what cook groups sell.

It is worth being precise about what “replay the HTTP flow” means, because it is the technical heart of the speed advantage and the thing the defenses ultimately have to catch. A purchase on a typical storefront is a short sequence of state-changing requests: a POST to add a variant to the cart, a request to set or confirm the shipping address, one to lock in a shipping method, one to tokenize and attach payment, and a final POST to submit the order. A human triggers these by clicking through rendered pages, with all the page loads, image fetches, and think-time in between. The bot strips that down to the requests that change server state and fires them back to back, often skipping the rendered HTML entirely and talking to the same JSON or form endpoints the page would have called. Each request carries whatever the previous step handed back: a cart token, a CSRF token, a session cookie, sometimes a one-time nonce embedded in the checkout. Get that token plumbing right and the whole purchase collapses into a fraction of a second of network round-trips. Get it wrong, or let the site rotate a token you did not capture, and the flow breaks at the last step. This is exactly why the harder retailers move logic into obfuscated JavaScript and signed payloads. If the add-to-cart request requires a value that only a real execution of the page’s script can produce, a blind HTTP replay cannot forge it, and the operator is forced into a real browser, where the fingerprint and automation tells described later come back into play.

The harvester deserves a second look in this light, because pre-warming a CAPTCHA token is the same idea applied to the challenge rather than the cart. Solving inline is slow and uncertain; banking a clean token in advance is fast and reliable. The same instinct shows up across the toolchain. Anything that can be computed before the clock starts, an account, a proxy, a session cookie, a CAPTCHA token, a known variant ID, gets computed in advance, so that the moment of the drop is reduced to spending pre-paid currency rather than earning it under time pressure. A good scalper operation is mostly preparation, and the drop itself is anticlimactic by design.
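The token plumbing described above is what a server-side defense can lean on. The following is an added example, not code from the original post or from any retailer: a minimal issuer and verifier for single-use add-to-cart tokens, bound to a session and a variant and valid for a short window. The signing key, the `sess-*`/`var-*` identifiers and the 30-second TTL are constructed for the example. It shows why a blind HTTP replay breaks the moment the site rotates a token the bot did not capture: a captured token is rejected as expired or replayed, and a guessed one fails the signature check.

```python
import hashlib
import hmac
import secrets
import time

# Placeholder signing key, constructed for the example; a real deployment loads it from a secret store.
SIGNING_KEY = b"example-checkout-signing-key"


class CheckoutTokens:
    """Server-side issuer/verifier for single-use add-to-cart tokens.

    A token binds a session to one variant for a short window and may be spent once,
    so a request replayed with a stale or captured token fails at the server.
    """

    def __init__(self, ttl_seconds=30, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so the expiry path can be exercised deterministically
        self._spent = set()         # nonces already redeemed (a shared store in production)

    def issue(self, session_id, variant_id):
        # Identifiers are assumed to contain no ':'; use a structured encoding otherwise.
        nonce = secrets.token_hex(8)
        payload = f"{session_id}:{variant_id}:{int(self.clock())}:{nonce}"
        sig = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}:{sig}"

    def verify(self, token, session_id, variant_id):
        try:
            sess, var, issued, nonce, sig = token.split(":")
            issued = int(issued)
        except ValueError:
            return "malformed"
        payload = f"{sess}:{var}:{issued}:{nonce}"
        expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return "bad-signature"          # forged or tampered token
        if sess != session_id or var != variant_id:
            return "wrong-binding"          # issued to another session or for another variant
        if self.clock() - issued > self.ttl:
            return "expired"                # rotated out; a captured token is no longer spendable
        if nonce in self._spent:
            return "replayed"               # the same token fired twice
        self._spent.add(nonce)
        return "ok"


def demo():
    """Walk through the verdicts a replayed, misdirected, tampered or stale request hits."""
    clock = [1_000.0]
    tokens = CheckoutTokens(ttl_seconds=30, clock=lambda: clock[0])
    t1 = tokens.issue("sess-A", "var-42")
    verdicts = [tokens.verify(t1, "sess-A", "var-42"),       # ok
                tokens.verify(t1, "sess-A", "var-42")]       # replayed
    t2 = tokens.issue("sess-A", "var-42")
    verdicts.append(tokens.verify(t2, "sess-B", "var-42"))   # wrong-binding
    tampered = t2[:-1] + ("0" if t2[-1] != "0" else "1")     # flip the last signature digit
    verdicts.append(tokens.verify(tampered, "sess-A", "var-42"))  # bad-signature
    clock[0] += 60                                           # let the token rotate out
    verdicts.append(tokens.verify(t2, "sess-A", "var-42"))   # expired
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The verifier checks the signature before anything else so that an unsigned or forged request costs the server one HMAC and nothing more. The spent-nonce set is the piece that has to be shared across checkout nodes in a real deployment; a per-process set lets a replay succeed on a different node.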

Denial of inventory: making the shelf look empty

Not every scalper wants to complete a purchase. A whole class of attack stops one step short, and it is meaner than straightforward buying.

Denial of inventory, also called inventory hoarding, exploits a design choice baked into nearly every e-commerce platform: when you add an item to your cart, the site reserves it for you. The stock count drops. The product shows as unavailable to everyone else for the duration of your session, on the entirely reasonable assumption that you are about to buy it. A hoarding bot abuses that reservation. It adds the item to a cart, holds it, lets the timeout approach, then releases and re-adds, or simply opens a fresh cart and does it again. Multiply across hundreds of bot sessions and the entire stock sits locked in carts that will never check out. Real shoppers see “sold out.” The shelf is full; the storefront says empty.

[Figure: One cart slot, held indefinitely. add (stock -1) → timeout near → release + re-add → timeout near → re-add, and so on. Real shoppers see "sold out" the entire time; the item is never actually purchased. Each cycle stays just inside the reservation window so the slot never frees.] *The reservation that protects a genuine buyer's cart becomes the lever. Hold near the timeout, release, re-add, repeat.*

Why bother, if you never buy anything? Two reasons. One is leverage on the secondary market. If a hoarder controls a chunk of stock by locking it, the listings that do reach buyers, sometimes the hoarder’s own genuine purchases, command higher prices because the apparent supply is lower. The other is plain sabotage, a competitor or a griefer making a launch look like a failure. Either way the retailer eats the damage: a drop that looks sold out, a wave of support tickets, and a brand that looks like it cannot run a launch.

The naive defenses are easy to state and easy to beat. Cap how long an item can sit in a cart, and the bot releases and re-adds just inside the window. Cap how many times one account can add the item, and the bot rotates accounts. Cap per IP, and the residential proxy pool defeats it, because to the server each request looks like a different ordinary household. This is the recurring shape of the whole problem. Any limit keyed to a single identifier (IP, account, cookie) falls to an attacker who can mint that identifier cheaply, and minting identifiers cheaply is precisely what the proxy and fake-account markets exist to do. The only defenses that hold up are the ones that score the request itself rather than counting events per key.
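One way to score the behaviour rather than count events per key is to look at the reservation timeline of each SKU as a whole. The following is an added example, not code from the original post: it replays a cart-event log and scores every SKU by the share of holds that were released near the timeout without a purchase. Because the score is per SKU, rotating the session, account or IP behind each hold does not dilute it. The 600-second hold window, the 80 percent "near timeout" mark, the thresholds and the event log itself are all constructed for the example.

```python
from collections import defaultdict

RESERVATION_TTL_S = 600   # assumed cart hold window for the example
NEAR_TIMEOUT = 0.8        # a release at >= 80% of the window counts as "held near the timeout"


def hoarding_stats(events, ttl=RESERVATION_TTL_S, near=NEAR_TIMEOUT):
    """Score each SKU from its reservation timeline.

    events: (t_seconds, session_id, sku, action) with action in add | release | purchase.
    score = near-timeout releases / holds, computed per SKU regardless of who held.
    """
    open_holds = {}
    stats = defaultdict(lambda: {"cycles": 0, "near_timeout_releases": 0, "purchases": 0})
    for t, session, sku, action in sorted(events):
        key = (session, sku)
        if action == "add":
            open_holds[key] = t
            stats[sku]["cycles"] += 1
        elif action in ("release", "purchase"):
            t_add = open_holds.pop(key, None)
            if t_add is None:
                continue                      # release without a matching add; ignore
            if action == "purchase":
                stats[sku]["purchases"] += 1
            elif t - t_add >= near * ttl:
                stats[sku]["near_timeout_releases"] += 1
    for s in stats.values():
        s["score"] = s["near_timeout_releases"] / s["cycles"] if s["cycles"] else 0.0
    return dict(stats)


def flagged_skus(stats, min_cycles=5, min_score=0.5):
    """SKUs whose hold churn looks like hoarding rather than ordinary cart abandonment."""
    return sorted(sku for sku, s in stats.items()
                  if s["cycles"] >= min_cycles and s["score"] >= min_score)


def sample_events():
    """Constructed log: three rotating hoarder sessions cycling one SKU just inside the
    600 s window, plus a few genuine shoppers who buy or abandon early."""
    ev = []
    for i, session in enumerate(("h-a1", "h-b7", "h-c3")):   # rotating identities
        t = float(i)
        for _ in range(4):
            ev.append((t, session, "sneaker-x", "add"))
            ev.append((t + 590, session, "sneaker-x", "release"))  # 10 s before the hold expires
            t += 591
    ev += [
        (5.0, "u-real1", "sneaker-x", "add"), (125.0, "u-real1", "sneaker-x", "purchase"),
        (8.0, "u-real2", "sneaker-x", "add"), (40.0, "u-real2", "sneaker-x", "release"),
        (3.0, "u-real3", "tee-y", "add"), (90.0, "u-real3", "tee-y", "purchase"),
        (4.0, "u-real4", "tee-y", "add"), (70.0, "u-real4", "tee-y", "purchase"),
        (6.0, "u-real5", "tee-y", "add"), (20.0, "u-real5", "tee-y", "release"),
    ]
    return ev


if __name__ == "__main__":
    stats = hoarding_stats(sample_events())
    for sku, s in stats.items():
        print(sku, s)
    print("flagged:", flagged_skus(stats))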
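```

Genuine abandonment releases early and at random times; hoarding releases in a tight band just before expiry, which is what the score isolates. What to do with a flagged SKU is a product decision the example does not make: shortening its hold window or requiring checkout to begin before stock is decremented are the usual options, and either one is cheaper than trying to block each rotating session.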

What the law actually says

The legal story in the United States is narrower than most people assume, and the gap is the interesting part.

The Better Online Ticket Sales Act, the BOTS Act, became law on December 14, 2016, as Public Law 114-274. It does one specific thing. It makes it unlawful to circumvent a security measure, access control system, or other technological control that a ticket seller uses to enforce purchasing limits or maintain the integrity of its ordering rules, for events with a venue capacity over a few hundred people. It also bars knowingly reselling tickets you obtained through such circumvention. Violations are treated as unfair or deceptive practices under the FTC Act, which is the hook that gives the Federal Trade Commission authority to pursue them, with civil penalties scaled per violation. Note the scope. The word in the title is tickets. Sneakers, consoles, graphics cards, and trading cards are nowhere in it.

For four years the BOTS Act was a law nobody had enforced. That changed in January 2021, when the Department of Justice and the FTC announced the first actions under it, against three New York ticket brokers who had used automated software and a stack of evasion tricks to buy tickets far in excess of posted limits and resell them at a markup. The brokers ran ticket-buying bots, used software to circumvent CAPTCHA and other controls, and operated large numbers of accounts and credit cards under assorted identities to look like many separate buyers. The settlements carried judgments totaling more than three million dollars. As of 2026, those remain the headline enforcement actions under the statute. One round of cases in nearly a decade is not the kind of deterrent that reshapes a market.

The limits of the law showed up vividly in the most public ticketing failure of the decade. When the Taylor Swift Eras Tour presale ran on November 15, 2022, Ticketmaster’s site buckled, and the company told a Senate Judiciary subcommittee two months later that the day brought 3.5 billion total requests, roughly three times its prior bot traffic peak, and that the bots had even hammered the Verified Fan access-code servers for the first time. By Live Nation’s account the bots did not actually breach Verified Fan or carry off tickets through it, but the load alone forced sales to slow and pause. The BOTS Act was already six years old and on the books that day. It did not prevent the meltdown, and no enforcement action followed it. The episode is a useful reality check on what a circumvention statute can and cannot do: it gives regulators a tool to punish brokers after the fact, but it does nothing to keep a determined bot wave off the servers during a sale. The defensive engineering, including the design of Verified Fan itself, is covered in the Ticketmaster Verified Fan system.

The obvious hole, that the law covers tickets and nothing else, is what the Stopping Grinch Bots Act is meant to plug. It would extend the same circumvention-and-resale prohibition to retail goods generally, again treating violations as unfair or deceptive practices enforceable by the FTC. It has been introduced repeatedly, the 2023 versions arriving in mid-December of that year, sponsored by legislators including Paul Tonko, Chuck Schumer, and Richard Blumenthal. Every version so far has died in committee without a floor vote. So the situation in 2026 is that buying up the entire stock of a hyped console with a bot farm is, at the federal level, not specifically illegal in the way that doing the same to concert tickets is. Some states have their own ticket-resale and bot statutes, and the United Kingdom and parts of the EU have moved on ticket bots, but for general retail in the US the legal deterrent is thin. Which is a large part of why the technical defenses carry the weight.

The defensive stack

Defense against scalpers is layered, and no single layer is sufficient. The shape of it mirrors the bot’s own toolchain, with a counter for each module. The honest summary up front: the goal is rarely to block every bot, which is impossible at the speeds and IP diversity involved, but to raise the cost and the failure rate enough that scalping a given drop stops being reliably profitable.

The first and crudest layer is rate limiting and IP reputation. Count requests per source, throttle or block sources that exceed a human-plausible rate, and lean on known-bad ASNs and datacenter ranges. This catches the lazy operators and the datacenter proxies, and it does nothing against a residential proxy pool that spreads a thousand requests across a thousand households at one or two requests each. The algorithms behind doing this without nuking real traffic, token buckets and adaptive backoff, are covered in rate-limiting algorithms for defense. On its own, rate limiting is a speed bump.
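The speed-bump point is easy to see with numbers. The following is an added example, not code from the original post: an integer token bucket keyed per source, fed first with one burst from a single address and then with the same burst spread across a thousand constructed "households". The 2 requests/second rate, burst of 5 and the addresses are assumptions for the example.

```python
class TokenBucket:
    """Token bucket kept in thousandths of a token so refill arithmetic stays exact."""

    def __init__(self, rate_per_s, burst, now_ms):
        self.refill_per_ms = rate_per_s   # rate tokens/s == rate millitokens/ms
        self.capacity = burst * 1000
        self.tokens = self.capacity
        self.last_ms = now_ms

    def allow(self, now_ms):
        elapsed = now_ms - self.last_ms
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_ms)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerKeyLimiter:
    """One bucket per key (here, per source address), created lazily on first sight."""

    def __init__(self, rate_per_s, burst):
        self.rate, self.burst = rate_per_s, burst
        self.buckets = {}

    def allow(self, key, now_ms):
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = TokenBucket(self.rate, self.burst, now_ms)
        return bucket.allow(now_ms)


def run(requests, rate_per_s=2, burst=5):
    """requests: time-ordered (t_ms, source_key). Returns (allowed, blocked)."""
    limiter = PerKeyLimiter(rate_per_s, burst)
    allowed = sum(1 for t_ms, key in requests if limiter.allow(key, t_ms))
    return allowed, len(requests) - allowed


def single_source_burst(n=200, window_ms=1000):
    """Constructed: n requests in one second, all from one documentation-range address."""
    return [(i * window_ms // n, "203.0.113.7") for i in range(n)]


def spread_burst(n=1000, window_ms=1000):
    """Constructed: n requests in one second, one each from n distinct sources."""
    return [(i * window_ms // n, f"household-{i}") for i in range(n)]


if __name__ == "__main__":
    print("single source:", run(single_source_burst()))   # burst plus refill, rest blocked
    print("spread sources:", run(spread_burst()))         # every request admitted
```

Against the single address the bucket admits the burst, two refills over the second, and nothing else. Against the spread, every source is seen once and every request passes: the limiter is doing exactly what it was designed to do, and the proxy pool has simply moved the traffic out of its field of view.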

The second layer is the fingerprint and behavioral analysis that bot-management vendors sell, the substance of products from DataDome, Akamai, HUMAN, Cloudflare, Kasada, and others. Instead of counting requests per IP, these systems try to identify the client itself and judge whether it is a real browser driven by a real person. They look at the TLS handshake (the JA3 and JA4 fingerprints derived from the ClientHello, the subject of TLS fingerprinting), the HTTP/2 frame and header ordering, the JavaScript runtime environment, and the mouse and keyboard telemetry of the session. A bot replaying a raw HTTP flow has no browser fingerprint to present and gets caught on the handshake. A bot driving a real headless browser presents a browser fingerprint but leaks automation tells: the headless flags, the CDP instrumentation, the too-perfect timing. The cat-and-mouse there is genuinely deep, and the broad strokes of how the verdict gets computed are in server-side vs client-side bot detection. The point for scalping is that this layer is where the residential-proxy advantage runs out, because a clean IP does not help a client that fingerprints as a script.

[Figure: Layered defense, top to bottom. Rate limiting + IP/ASN reputation (catches lazy bots) → Fingerprint + behavior scoring (catches scripts) → CAPTCHA / challenge (catches cheap solvers) → Virtual waiting room (removes speed) → Raffle / draw (removes speed).] *Each layer filters a different population. The bottom two attack the bot's core advantage: they make raw speed worthless.*

The third layer is the explicit challenge, a CAPTCHA or an interactive proof. This is the layer scalpers have invested most in defeating, through the harvesters described earlier and through commercial solving services. A challenge raises cost and adds latency, which matters in a race, but a well-funded operator treats it as a line item rather than a wall. The deeper history of why challenges keep getting harder and keep getting solved is in the history of CAPTCHA. For scalping specifically the challenge is most useful not as a hard gate but as friction that the waiting room and raffle layers can build on.

Those bottom two layers are the ones that actually change the game, because they attack the bot’s only real edge: speed. A virtual waiting room puts every visitor into a queue before the sale and admits them in controlled batches. The decisive design choice, and the one that matters most against bots, is randomized admission. PlayStation Direct’s PS5 queue, for instance, moved to assigning everyone already waiting when the queue opened a random position in line, so sitting on the page early and refreshing fast bought you nothing. The bot that arrives in the first millisecond gets the same expected position as the human who arrived a minute before opening. That single change neutralizes the entire monitor-and-race architecture, because there is nothing left to win by being fast. How these systems are actually built, including where they still leak, is the subject of how virtual waiting rooms work, Queue-it’s architecture, and why waiting rooms leak. The scale they operate at is not small. Queue-it has reported its waiting rooms blocking well over ten billion bots across protected events.
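The randomized-admission idea is small enough to simulate. The following is an added example, not code from the original post or from any queue vendor: the same constructed set of arrivals is ordered first-come-first-served and then under randomized admission, and a Monte Carlo run estimates where the first-millisecond arrival ends up on average. The 10-second pooling window and the arrival times are assumptions for the example; the systems the post describes pool everyone already waiting when the queue opens, which is the same mechanism with a different window boundary.

```python
import random

RANDOMIZE_WINDOW_S = 10.0   # assumed: arrivals inside this window are pooled and shuffled together


def sample_arrivals():
    """Constructed arrivals, in seconds relative to the queue opening at t = 0:
    a monitor-driven bot hits 1 ms after opening, nine humans trickle in over the
    next eight seconds, and one latecomer shows up well after the window closes."""
    arrivals = [("bot-monitor", 0.001)]
    arrivals += [(f"human-{i}", 0.4 + 0.9 * i) for i in range(9)]
    arrivals.append(("human-late", 42.0))
    return arrivals


def fcfs_positions(arrivals):
    """First-come-first-served: queue position is strictly arrival order."""
    order = sorted(arrivals, key=lambda a: a[1])
    return {name: pos for pos, (name, _) in enumerate(order)}


def randomized_positions(arrivals, rng, window_s=RANDOMIZE_WINDOW_S):
    """Randomized admission: everyone who arrives within the window is shuffled into
    the front of the line; later arrivals are appended in arrival order."""
    pooled = [name for name, t in arrivals if t <= window_s]
    late = [name for name, t in sorted(arrivals, key=lambda a: a[1]) if t > window_s]
    rng.shuffle(pooled)
    return {name: pos for pos, name in enumerate(pooled + late)}


def mean_position(name, trials=2000, seed=7):
    """Monte Carlo estimate of one visitor's expected position under randomized admission."""
    rng = random.Random(seed)
    arrivals = sample_arrivals()
    total = sum(randomized_positions(arrivals, rng)[name] for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    print("FCFS bot position:", fcfs_positions(sample_arrivals())["bot-monitor"])
    print("randomized, bot mean position:", mean_position("bot-monitor"))
    print("randomized, human-0 mean position:", mean_position("human-0"))
```

Under FCFS the bot is position 0 every time. Under randomized admission its expected position is the middle of the pool, the same as every human who arrived inside the window, so the money spent on the monitor and the proxies buys nothing at this layer. What it does not touch is the number of entries: a bot that fields a thousand pooled sessions still holds a thousand lottery tickets, which is the account problem the raffle discussion picks up.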

The raffle goes one step further and removes time from the equation entirely. Instead of first-come-first-served, the retailer takes entries over a window and then draws winners at random. Nike’s SNKRS app runs draws this way, with short entry windows followed by a random selection, and Nike states its draws are fully random. A raffle defeats the speed advantage by construction. There is no instant to race to, no checkout to win by milliseconds. What a raffle does not defeat is the account advantage. If each entry is one chance and an operator can field ten thousand fake entries, the bot problem becomes a fake-account problem, and the defense moves back upstream to identity verification and to the fingerprint layer that has to catch ten thousand near-identical entries. Nike has reported on the order of billions of illegitimate raffle entries a month, which is exactly that fight playing out. The raffle does not make the bots go away; it changes what they have to be good at.

There is a quieter fourth tactic that deserves a mention: post-sale auditing. Rather than catch every bot at the moment of purchase, the retailer reviews orders afterward for the patterns scalpers leave (many orders to one address, reused payment instruments, accounts created minutes before the drop, shipping clusters) and cancels the flagged ones. This trades the impossible real-time problem for a tractable batch one. It will not stop a determined operation, but it claws back inventory and raises the reseller’s risk that a “successful” cop gets voided before it ships.
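The batch review is straightforward to express as rules over the order table. The following is an added example, not code from the original post: it normalizes shipping addresses, groups a constructed set of orders by address and by payment instrument, checks account age against the drop time, and flags an order only when at least two independent signals agree. The field names, thresholds and the orders themselves are constructed for the example.

```python
import re
from collections import defaultdict

DROP_AT = 1_700_000_000   # constructed epoch seconds for the drop


def normalize_address(addr):
    """Lowercase, strip punctuation and collapse whitespace so formatting variants cluster."""
    return re.sub(r"[^a-z0-9]+", " ", addr.lower()).strip()


def audit_orders(orders, drop_at=DROP_AT, new_account_s=900,
                 addr_min=3, card_min_accounts=3, flag_at=2):
    """Return (flagged order ids, {order id: [reasons]}).

    Signals: >= addr_min orders to one normalized address; one card fingerprint used by
    >= card_min_accounts distinct accounts; account created within new_account_s of the drop.
    """
    by_addr = defaultdict(list)
    card_accounts = defaultdict(set)
    for o in orders:
        by_addr[normalize_address(o["ship_to"])].append(o["id"])
        card_accounts[o["card_fp"]].add(o["account"])
    findings = {}
    for o in orders:
        reasons = []
        if len(by_addr[normalize_address(o["ship_to"])]) >= addr_min:
            reasons.append("address-cluster")
        if len(card_accounts[o["card_fp"]]) >= card_min_accounts:
            reasons.append("card-shared-across-accounts")
        if 0 <= drop_at - o["account_created"] <= new_account_s:
            reasons.append("account-created-just-before-drop")
        findings[o["id"]] = reasons
    flagged = [oid for oid, r in findings.items() if len(r) >= flag_at]
    return flagged, findings


def sample_orders():
    """Constructed orders: four fresh accounts shipping to one address on overlapping cards,
    two long-standing customers, one fresh account on its own, and one established
    customer who happens to share the clustered address."""
    day = 86_400
    return [
        {"id": "o1", "account": "a1", "account_created": DROP_AT - 600, "ship_to": "12 Main St, Unit 4, Springfield", "card_fp": "c1"},
        {"id": "o2", "account": "a2", "account_created": DROP_AT - 600, "ship_to": "12 Main St, Unit 4, Springfield", "card_fp": "c1"},
        {"id": "o3", "account": "a3", "account_created": DROP_AT - 600, "ship_to": "12 Main St, Unit 4, Springfield", "card_fp": "c1"},
        {"id": "o4", "account": "a4", "account_created": DROP_AT - 600, "ship_to": "12 Main St, Unit 4, Springfield", "card_fp": "c2"},
        {"id": "o5", "account": "a5", "account_created": DROP_AT - 400 * day, "ship_to": "9 Elm Rd, Shelbyville", "card_fp": "c9"},
        {"id": "o6", "account": "a6", "account_created": DROP_AT - 300, "ship_to": "77 Oak Ave, Capital City", "card_fp": "c3"},
        {"id": "o7", "account": "a7", "account_created": DROP_AT - 730 * day, "ship_to": "12 Main St Unit 4 Springfield", "card_fp": "c7"},
    ]


if __name__ == "__main__":
    flagged, findings = audit_orders(sample_orders())
    for oid, reasons in findings.items():
        print(oid, reasons)
    print("cancel for review:", flagged)
```

The two-signal threshold is the part worth keeping. Order o7 sits at the clustered address but is an old account on its own card, and o6 is a brand-new account with nothing else against it; each trips one rule, and cancelling on one rule alone would void the roommate and the first-time customer along with the farm. Address normalization matters for the same reason in the other direction: the four farm orders were written with different punctuation and would not cluster on a raw string match.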

Where the arms race actually sits in 2026

Step back and the contest has a stable shape, even as the specific tools rotate. Bots make up roughly half of all internet traffic, by Imperva’s count 49.6 percent in 2023, with bad bots specifically around 32 percent, and there is no sign of that ebbing. During a hyped drop the local concentration is far higher, the kind of 90-plus-percent automation figure the sneaker vendors keep reporting. The supply of cheap residential IPs, cheap fake accounts, and ready-made checkout tools means anyone who wants to scalp a given launch can assemble the capability in an afternoon. The legal deterrent in the US, outside of event tickets, is close to nonexistent, because the Stopping Grinch Bots Act keeps dying in committee. So the burden sits almost entirely on the technical defenses, and those defenses have quietly converged on the same conclusion.

The conclusion is that you cannot reliably win the speed race, so you should stop racing. Every defense that has actually moved the needle (randomized waiting-room admission, raffles, post-sale audits) works by removing the value of being fast rather than by trying to be faster than the bot. The fingerprint and behavioral layers still matter enormously, because they are what catches the fake accounts and scripted clients that the raffle pushes the fight toward, but they sit in support of a structural change, not in place of one. The drops that go smoothly in 2026 are the ones where the retailer decided in advance that the first millisecond would not be allowed to matter.

What that leaves unresolved is demand. A bot is a tool for converting attention into inventory faster than the next person, and as long as a sneaker resells for triple retail there is money to fund the next generation of tools. Defenses can make any single drop fair, or close to it. They cannot stretch one thousand units to cover ten thousand people who want one. The waiting room and the raffle do not solve scarcity; they just decide, more honestly than a bot farm would, who goes home empty-handed. The most a defender can promise is that the person who loses the draw lost it to another person, and in this market that turns out to be the hard part.
