Scarcity in DDR5 RAM Fueled by AI Demand Sparks Massive Scalping Surge
Key takeaways:
The explosive growth of AI is driving unprecedented demand for DDR5 RAM, and scalping bots are currently hitting DDR5 RAM product pages 6 times more often than legitimate traffic.
Scarcity in DDR5 RAM Fueled by AI Demand Sparks Massive Scalping Surge
Key takeaways:
The explosive growth of AI is driving unprecedented demand for DDR5 RAM, and scalping bots are currently hitting DDR5 RAM product pages 6 times more often than legitimate traffic.
The Galileo threat research team uncovered a sophisticated operation making over 10 million scraping requests, with bots checking the stock of specific RAM kits every 6.5 seconds.
These bots aggressively target the entire supply chain, from consumer RAM to B2B industrial memory providers and raw hardware components like DIMM sockets.
Scrapers attempt to avoid detection by adding cache-busting parameters to every request and calibrating their speed to stay just below volumetric alarm thresholds.
By rapidly snapping up the limited DDR5 memory inventory for profitable resale, these bots further deplete the consumer supply, effectively boxing out legitimate customers and driving market prices even higher.
As artificial intelligence continues its explosive growth, training large language models, running inference servers, and powering AI workloads requires massive amounts of RAM. As a result, the demand for high-performance DDR5 RAM has skyrocketed, creating shortages and driving up prices.
This scarcity has created a lucrative opportunity for a particular type of fraud: RAM scalping. The modus operandi is simple: buy at the lowest price and then resell for a higher price on secondary markets in order to make a hefty profit.
The Galileo threat research team uncovered a sophisticated operation where fraudsters were abusing an online service to monitor prices and snap up inventory for DDR5 memory. The scalping bots were making over 50K requests every hour, with an average of 550 scraping attempts for each RAM listing. In total, DataDome blocked more than 10M scraping requests.
Demand for DDR5 attracts fraudsters
DDR5 is the latest generation of PC memory, offering doubled bandwidth, higher capacity, and greater power efficiency than its predecessors. These massive leaps in performance make it essential for handling the colossal datasets and 24/7 processing required by modern AI workloads.
To meet this insatiable data center demand, manufacturers have shifted production away from consumer hardware toward high-margin, server-grade memory. Consequently, the consumer supply of standard DDR5 has plummeted, creating a highly lucrative opportunity for scalpers.
By analyzing the path structures of a few e-commerce platforms targeted by multiple scraping attacks, we identified a clear pattern: Bad bots are currently hitting product pages for DDR5 RAM almost 6 times more often than legitimate traffic.
Bots were not just hunting for high-capacity consumer RAM kits for PC builders and local AI workstations; they were also aggressively scraping B2B industrial memory providers and raw hardware components like DIMM sockets. This reveals that the scalping squeeze is impacting the entire DDR5 supply chain from the manufacturing floor to the retail shelf.
Brand
Model/Type
Specifications / Target
Amphenol
Hardware Components
DDR5 module sockets, SO-DIMM & CAMM2 connectors
Apacer
OEM / Industrial
DDR5 SDRAM & DDR5-5600 modules
Corsair
Vengeance RGB
DDR5 32GB (2x16GB)
Corsair
Vengeance
DDR5 64GB (2x32GB)
Corsair
Vengeance (High-Speed)
DDR5 48GB (2x24GB) 8400MHz
Corsair
Dominator Titanium
DDR5 96GB 6400MHz CL32
Crucial
Pro Series
DDR5 32GB 6000MHz CL40
Crucial
Single Module
DDR5 64GB (1x64GB) 5600MHz CL46
Goodram
IRDM
DDR5 32GB (2x16GB) 6000MHz CL30
IEI
Industrial Solutions
DDR5-ready industrial systems
Kingston
Fury Beast RGB
DDR5 32GB 6000MHz CL30
Kingston
FURY Impact & KSM
DDR5 SODIMM & Server/Workstation Modules
Lexar
Ares RGB Gaming
DDR5 32GB (2x16GB) 6800MHz
Micron
OEM / Server
LPDDR5 DRAM, standard DDR5 SDRAM, GDDR5
Patriot
Viper Venom
DDR5 32GB (2x16GB)
TE Connectivity
Hardware Components
DDR5 DIMM sockets
Virtium
Industrial
DDR5 Modules
To get an idea of the velocity in one campaign, we extracted a sample set representing 1 hour of scraping activity with 50K requests. It revealed 91 unique product listings, each scraped an average of 551 times, translating to checking the stock of each specific RAM kit every 6.5 seconds. This repetitive targeting pattern suggests automated price monitoring for reselling opportunities.
Scraper follows a diurnal pattern but gives itself away
We noticed an unusual traffic spike from the infrastructure of an online service that then sustained itself over a period of days, with an almost human day/night pattern.
Looking more closely, we noted that:
Nearly every request included a cache-busting parameter
There was only one hit per session, then an immediate exit
It was exclusively targeting product listing pages for RAM
There were no interactions with site features, shopping cart, or search
Looking at the traffic graph, one pattern immediately stood out behind the smoke and mirrors: an unremarkably horizontal plateau for each peak.
The bot was likely programmed with an upper threshold to avoid triggering volumetric alarms. The flat peak likely suggests they tested the platform’s rate limits and calibrated their scraping speed to stay just below detection thresholds.
Real traffic shows organic variation, lunch breaks, evening peaks, and weekend drops. This traffic maintained computer-like precision 24/7. Typical e-commerce traffic shows 20-40% drops on weekends as human shopping patterns change. This scraper maintained identical volume Saturday through Sunday, another clear automation telltale.
Technical hiccups also exposed automation: when the bot encountered issues, the traffic immediately plunged, then resumed at full capacity, a behavior impossible for distributed human visitors.
Shortages and inflation drive fraud
As AI continues to drive demand for computing hardware, we can expect more sophisticated scalping operations targeting high-value, scarce components.
Traditional security measures that rely solely on IP reputation or simple rate-limiting are virtually blind to these modern attacks. If a WAF simply blocked IP ranges to stop this attack, it would break legitimate services and block real users. This is where advanced behavioral analysis and intent-based detection become essential.
To stop today’s most evasive threats, security systems must look beyond the IP address and analyze hundreds of behavioral signals, like those impossible flat traffic peaks and 24/7 scraping patterns, to definitively identify and block malicious bots and AI agents, regardless of whose infrastructure they are hiding behind.
Run DataDome’s Vulnerability Scan to see if your website is vulnerable to scalping bots and spoofed AI agents, or book a demo to learn more about DataDome’s intent-based detection.
Special thanks to T.J. Iannone for his input in this research.
*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by Jérôme Segura. Read the original post at: https://datadome.co/threat-research/scarcity-ddr5-ram-fueled-by-ai-demand-scalping-surge/
About Author
