
How CAPTCHA Solvers Actually Work — and Why CAPTCHAs Stopped Stopping Bots

Most merchants picture a CAPTCHA as a wall: bots hit it and stop.

It is not a wall. It is a price, and the people attacking your store pay it without blinking: about two-tenths of a cent per solve.

Here is how that market actually works, shown from inside it.

A CAPTCHA produces one thing: a token

Every CAPTCHA challenge ends by handing your site a token — the g-recaptcha-response string — that your backend accepts as proof a human passed.

The attacker does not need to beat the puzzle on your site. They need that token.

And tokens can be bought, generated, or stockpiled. There are three supply lines.

1. Human farms

A solver service console. Not a hacking tool: add funds, watch "sent captchas / spent funds," copy an API key.

Services like 2Captcha and Anti-Captcha route your challenge to real people, paid per thousand solves.

The flow is mechanical:

  • Your bot sends the site key and page URL to the service's API.
  • A human worker — often paid cents an hour — solves the puzzle, or simply ticks "I'm not a robot" on your real site.
  • The service returns the token.
  • Your bot submits it. Your server sees a valid token and waves the bot through.

F5 Labs documented this end to end by working a shift as a solver.

The rates are public:

  • Normal text CAPTCHAs: roughly $0.50–$1 per 1,000
  • reCAPTCHA v2: roughly $1–$2.99 per 1,000
  • reCAPTCHA v3 / Enterprise: roughly $1.45–$2.99 per 1,000

That is about $0.001–$0.003 per solve, billed only on success, at the ~99% accuracy these services advertise.

2. Machines

Newer services — Capsolver, CapMonster — skip the humans and solve with machine learning, often cheaper than the human farms.

Image and checkbox challenges are largely a solved problem for ML. The audio fallback, meant for accessibility, is defeated by ordinary speech-to-text.

Benchmarks show the tell: reCAPTCHA challenges still take tens of seconds to solve because the services route them to human workers, while image and Turnstile challenges resolve quickly through ML. The slow part is the human, not the machine.

3. Token harvesting: solve once, use many

Solver instances on the left, a pool of pre-solved tokens on the right, waiting to be spent at checkout.

This is the one most defenders miss.

A reCAPTCHA token stays valid for about 110–120 seconds and is single-use.

So bots pre-solve in bulk and keep a pool of fresh tokens on standby, injecting one at the exact moment of checkout — buying the few seconds that win a limited drop.

It gets cheaper still. Logging a bot into aged, "trusted" Google accounts downgrades the challenge to a one-click checkbox; some operators play YouTube in the background just to age those accounts. Add clean residential or ISP proxies and the token looks like it came from a real person in a real place.

The screenshot above is that machine in one window: solvers feeding a token bank, ready to spend.
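To make concrete what "your server sees a valid token" means, here is an added example (not code from the post, and not any solver service's or Kairal's code) of the checks a backend can run on the verification response for a submitted token. The real step is an HTTPS POST of the token and secret key to the reCAPTCHA siteverify endpoint; the example skips the network call and checks the JSON document that endpoint returns. The field names (success, challenge_ts, hostname, score, action, error-codes) are the documented siteverify fields; the hostname, action, score threshold, freshness window and every sample document are constructed assumptions for the illustration. The point it shows: every field describes the solve, none describes the session presenting it, so a pooled token solved 90 seconds earlier for the right site passes each check.

```python
"""Added example: what a backend actually gets to check when it verifies a
reCAPTCHA token, and why a harvested token passes. Not from the post.
"""
from datetime import datetime, timedelta, timezone

# Assumed policy for this store (not from the post).
EXPECTED_HOSTNAME = "shop.example"
EXPECTED_ACTION = "checkout"
MIN_SCORE = 0.5
# The post says a token stays valid for about 110-120 seconds; this backend
# rejects anything older than 110 s even if the verifier would still accept it.
MAX_TOKEN_AGE = timedelta(seconds=110)


def verify_siteverify_response(resp, now):
    """Return (accepted, reason) for one siteverify JSON document.

    Every check here is against data the token carries (solve time, site,
    action, score), not against the session that presents it.
    """
    if not resp.get("success"):
        return False, "verifier reported failure: %s" % resp.get("error-codes", [])
    if resp.get("hostname") != EXPECTED_HOSTNAME:
        # A token solved against another site's key is rejected here.
        return False, "hostname mismatch: %r" % resp.get("hostname")
    # v3 responses carry an action and a score; v2 checkbox responses do not.
    if "action" in resp and resp["action"] != EXPECTED_ACTION:
        return False, "action mismatch: %r" % resp["action"]
    if "score" in resp and resp["score"] < MIN_SCORE:
        return False, "score %.2f below threshold" % resp["score"]
    # challenge_ts is the time the challenge was solved, e.g. 2024-05-01T11:59:52Z.
    solved_at = datetime.fromisoformat(resp["challenge_ts"].replace("Z", "+00:00"))
    age = now - solved_at
    if age < timedelta(0) or age > MAX_TOKEN_AGE:
        return False, "token solved %.0fs ago, outside the accepted window" % age.total_seconds()
    return True, "ok"


# Constructed sample documents shaped like siteverify responses (not real data).
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLES = {
    # A person who solved the challenge eight seconds ago on this site.
    "human": {"success": True, "challenge_ts": "2024-05-01T11:59:52Z",
              "hostname": "shop.example", "score": 0.9, "action": "checkout"},
    # A v2 checkbox token: no score or action fields at all.
    "v2_checkbox": {"success": True, "challenge_ts": "2024-05-01T11:59:30Z",
                    "hostname": "shop.example"},
    # A pooled token solved 90 s ago for this site: indistinguishable here.
    "harvested_fresh": {"success": True, "challenge_ts": "2024-05-01T11:58:30Z",
                        "hostname": "shop.example", "score": 0.7, "action": "checkout"},
    # A pooled token that sat too long (180 s) before being spent.
    "harvested_stale": {"success": True, "challenge_ts": "2024-05-01T11:57:00Z",
                        "hostname": "shop.example", "score": 0.7, "action": "checkout"},
    # A token solved against a different site.
    "wrong_site": {"success": True, "challenge_ts": "2024-05-01T11:59:50Z",
                   "hostname": "other.example", "score": 0.9, "action": "checkout"},
    # A token already spent once (single-use) or expired on the verifier's side.
    "reused": {"success": False, "error-codes": ["timeout-or-duplicate"]},
}


def check_samples():
    """Map each sample name to whether the backend would accept it."""
    return {name: verify_siteverify_response(doc, SAMPLE_NOW)[0]
            for name, doc in SAMPLES.items()}


if __name__ == "__main__":
    for name, accepted in check_samples().items():
        print("%-16s %s" % (name, "ACCEPT" if accepted else "reject"))
```

The hostname, action and freshness checks are worth having because they stop tokens solved for someone else's site and tokens that sat in a pool too long; they do not stop a pool that is refreshed inside the window, which is exactly how the harvesting setup above operates.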

The economics are upside down

Put the two sides next to each other.

The attacker pays about $0.002 per attempt, automated, at scale.

You pay on the other side — every time, to every real customer:

  • Forms with reCAPTCHA see 15–30% lower completion.
  • A visual challenge costs the average person around ten seconds; the audio version far more.
  • Only about two-thirds of people solve it on the first try.
  • Collectively, humans burn an estimated 500 years a day on these puzzles.
  • They are a recognized accessibility barrier under WCAG — now a compliance question in Europe, where the Accessibility Act applies to e-commerce.
  • In the EU, reCAPTCHA's behavioural telemetry is increasingly treated as tracking, adding GDPR consent and review overhead.

A CAPTCHA is a tax you levy on your buyers to inconvenience attackers by a fraction of a cent. The ledger does not balance.

What this means for defense

You cannot out-friction a farm. Every notch you add to the challenge costs your real customers more than it costs the attacker.

The way out is to stop asking the question at the door.

Instead of a test the user has to pass — and a token anyone can buy — classify the traffic itself: the behaviour, the request sequence, the execution environment, the correlation of weak signals that a purchased token cannot fake.

That decision happens server-side, on the traffic, with nothing for the human to solve. The real customer notices nothing. The harvested token arrives attached to a session that still does not behave like a person — and that is what gives it away.
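As an added illustration of judging the session rather than the token (example code written for this page, not Kairal's detection logic or any product's), the block below scores checkout sessions from a constructed first-party access log. The three signals, their integer weights, the 20-second minimum and the block threshold are all assumptions chosen for the illustration, as are the paths and session ids. It shows the "correlation of weak signals" idea: the pooled-token session is caught by a strong sequence signal, while the scripted session survives each weak signal on its own and is flagged only by their combination.

```python
"""Added example: classify checkout sessions on behaviour, not on the
CAPTCHA token they present. Signals, weights and log format are assumptions.
"""
from collections import defaultdict
from datetime import datetime

MIN_HUMAN_SECONDS = 20      # assumed: a person rarely reaches submit faster
BLOCK_THRESHOLD = 10        # assumed: score at or above this is "automated"
CHECKOUT_SCRIPT = "/static/checkout.js"   # assumed asset a real browser fetches

# Constructed log lines: "timestamp session method path". All three sessions
# present a token that verifies; only the behaviour differs.
SAMPLE_LOG = """\
2024-05-01T11:58:00Z s-human    GET  /product/drop-42
2024-05-01T11:58:41Z s-human    POST /cart/add
2024-05-01T11:59:05Z s-human    GET  /checkout
2024-05-01T11:59:06Z s-human    GET  /static/checkout.js
2024-05-01T11:59:40Z s-human    POST /checkout/submit
2024-05-01T11:59:58Z s-pooled   POST /checkout/submit
2024-05-01T11:59:58Z s-scripted GET  /checkout
2024-05-01T11:59:59Z s-scripted POST /checkout/submit
"""


def parse_log(text):
    """Group log lines into per-session lists of (time, method, path)."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, method, path = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        sessions[sid].append((when, method, path))
    return sessions


def session_signals(events):
    """Return the list of (signal_name, weight) that fired for one session."""
    events = sorted(events)
    paths = [p for _, _, p in events]
    submits = [t for t, m, p in events if m == "POST" and p == "/checkout/submit"]
    fired = []
    if not submits:
        return fired          # no checkout attempt, nothing to judge
    submit_at = submits[0]
    # Request sequence: the form was submitted but never fetched beforehand.
    if not any(m == "GET" and p == "/checkout" and t < submit_at
               for t, m, p in events):
        fired.append(("submit_without_form_load", 10))
    # Timing: seconds from the session's first request to the submit.
    elapsed = (submit_at - events[0][0]).total_seconds()
    if elapsed < MIN_HUMAN_SECONDS:
        fired.append(("too_fast", 6))
    # Execution environment: a browser fetches the page's script; a raw HTTP
    # client replaying a token does not.
    if CHECKOUT_SCRIPT not in paths:
        fired.append(("no_script_fetch", 5))
    return fired


def classify_sessions(text):
    """Map session id -> (verdict, score, fired signal names)."""
    result = {}
    for sid, events in parse_log(text).items():
        fired = session_signals(events)
        score = sum(w for _, w in fired)
        verdict = "automated" if score >= BLOCK_THRESHOLD else "human"
        result[sid] = (verdict, score, [name for name, _ in fired])
    return result


if __name__ == "__main__":
    for sid, (verdict, score, names) in classify_sessions(SAMPLE_LOG).items():
        print("%-11s %-9s score=%2d %s" % (sid, verdict, score, ", ".join(names)))
```

None of these signals alone is proof, which is why they are weighted and summed rather than used as hard rules; the customer who genuinely sprints to checkout trips one weak signal and is still served.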

That is the idea behind frictionless detection, and it is why Kairal does not use CAPTCHAs.

FAQ

Do CAPTCHAs stop bots?

They stop trivial scripts. Motivated operators defeat them with human farms, ML solvers, or token pools for fractions of a cent.

Is buying CAPTCHA solves a fringe thing?

No. It is a mature, priced, API-driven market with public dashboards, success-based billing, and stated accuracy rates.

Doesn't invisible reCAPTCHA v3 fix this?

It removes the puzzle for users, but still issues a score and a token — both of which solver services sell and harvesters pool.

So what replaces CAPTCHA?

Behavioural, server-side classification that judges the session rather than a one-time test: invisible to real customers, and not defeated by a purchased token.

See what's reaching you without a CAPTCHA

We classify automated traffic on your store without challenging a single customer. Want to see what is getting through your current CAPTCHA? Request a free exposure report.