A B2B SEO tool offered 50 free credits to new users. A group of users wrote a script to farm these credits, creating thousands of accounts using temp emails and rotating IPs.
The Impact: The database was filled with junk data, and legitimate paid users experienced slow speeds because the free tier abusers were hogging the API limits. The company tried adding hCaptcha, but conversion rates for real users dropped by 12%.
They removed the CAPTCHA and replaced it with CandycornDB's API.
Instead of challenging everyone, they only challenged users who matched specific risk profiles: Tor Exit Nodes, Hosting ASNs (like DigitalOcean or AWS), or IPs with a Risk Score > 65.
The bots hit a wall—they could visit the site, but the "Free Trial" button simply vanished for them. Meanwhile, legitimate users (coming from residential ISPs) got a faster, frictionless signup experience.