Case Study: How WriteCraft Saved $47k/Month by Stopping Free Tier Abuse
WriteCraft, an AI writing assistant, was losing $50k per month to fake signups abusing free tier tokens. Here is how they used BigShield to cut fraud by 94% and reclaim their margins.
The Company
WriteCraft is an AI-powered writing assistant that helps content teams draft, edit, and optimize articles. Founded in 2024, they grew rapidly to 180,000 registered users by early 2026. Their freemium model offers 5,000 AI tokens per month on the free plan, with paid plans starting at $29/month for 100,000 tokens.
The free tier was a powerful growth lever. It let writers try the product, get hooked on the workflow, and naturally upgrade when they needed more tokens. The problem was that not everyone signing up for free tokens was a writer.
The Problem: $50k/Month in Stolen Tokens
In January 2026, WriteCraft's CFO flagged a troubling number during a board review. Their LLM inference costs had climbed to $187,000/month, but their revenue (based on paid subscribers) only justified about $137,000 in inference spend. The gap was $50,000 per month, and it was growing.
The engineering team investigated and found the source: massive free tier abuse. Here is what the data showed:
- 28,000 new free accounts created in January alone
- ~19,600 (70%) showed signs of fraud: no engagement beyond token consumption, multiple accounts from the same IP ranges, disposable or recently created email addresses
- Average fraudulent account consumed 2,400 tokens before going dormant
- Total monthly token waste: ~47 million tokens, costing roughly $50,000 in inference fees
The fraud pattern was clear. Bot operators were creating hundreds of free accounts, extracting the 5,000-token allotment via API, and using those tokens for their own products or reselling the output. Some accounts were being created through automated Selenium scripts. Others used disposable email services with forwarding to consolidate account verification links.
This is a textbook example of how AI free tier fraud costs companies far more than they initially realize.
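The three signs of fraud listed above can be checked together against signup and usage records. The following Python is an added example, not WriteCraft's or BigShield's code; the records are constructed, and the field names, the /24 grouping and both thresholds are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample signups (not WriteCraft data); field names are hypothetical.
SIGNUPS = [
    {"id": "a1", "email": "k1@mailtemp.example", "ip": "203.0.113.10", "tokens": 2400, "docs": 0, "sessions": 1},
    {"id": "a2", "email": "k2@example.com", "ip": "203.0.113.44", "tokens": 2400, "docs": 0, "sessions": 1},
    {"id": "a3", "email": "k3@example.com", "ip": "203.0.113.200", "tokens": 5000, "docs": 0, "sessions": 1},
    {"id": "a4", "email": "writer@example.org", "ip": "198.51.100.7", "tokens": 900, "docs": 12, "sessions": 9},
    {"id": "a5", "email": "editor@example.org", "ip": "203.0.113.77", "tokens": 1200, "docs": 8, "sessions": 6},
    {"id": "a6", "email": "tmp@mailtemp.example", "ip": "192.0.2.5", "tokens": 300, "docs": 3, "sessions": 4},
]
DISPOSABLE = {"mailtemp.example"}  # constructed stand-in for a disposable-domain list
MIN_CLUSTER = 3                    # assumption: accounts per /24 that count as a shared range
MIN_SIGNALS = 2                    # assumption: independent signals needed to flag

def ip_range(ip):
    """Collapse an IPv4 address to its /24 network (assumed granularity)."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def triage(signups):
    """Return {account id: [signal names]} using the three signs the case study lists."""
    per_range = Counter(ip_range(s["ip"]) for s in signups)
    report = {}
    for s in signups:
        signals = []
        if s["tokens"] > 0 and s["docs"] == 0 and s["sessions"] <= 1:
            signals.append("token_only_usage")      # no engagement beyond token consumption
        if per_range[ip_range(s["ip"])] >= MIN_CLUSTER:
            signals.append("shared_ip_range")       # multiple accounts from the same range
        if s["email"].rsplit("@", 1)[-1].lower() in DISPOSABLE:
            signals.append("disposable_email")
        report[s["id"]] = signals
    return report

def flagged(report):
    """Accounts with at least MIN_SIGNALS signals; one signal alone is not enough."""
    return sorted(acc for acc, sig in report.items() if len(sig) >= MIN_SIGNALS)
```

Account a5 shares the busy IP range but shows real engagement, so it carries one signal and is not flagged, which is the shared-office case that a per-IP rule alone gets wrong.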
What They Tried First
WriteCraft's initial response was a patchwork of homegrown defenses:
Attempt 1: reCAPTCHA
They added Google reCAPTCHA v3 to their signup form. It helped for about two weeks. Then the bot operators switched to CAPTCHA-solving services that cost them $2-3 per thousand solves. The economics still worked in the fraudsters' favor since 5,000 free tokens were worth far more than $0.003 in CAPTCHA costs.
Attempt 2: Email Domain Blocklist
The team compiled a list of 200 known disposable email domains and blocked signups from them. This caught the lowest-effort fraud but missed the majority. Fraudsters simply switched to freshly created Gmail, Outlook, and Yahoo accounts, which no static blocklist can catch.
Attempt 3: IP Rate Limiting
They limited signups to 3 per IP address per day. Fraudsters rotated through residential proxies and VPNs. The limit barely made a dent, and it occasionally blocked legitimate users in shared office environments.
After three months of whack-a-mole, fraud volume had only decreased by about 15%. The team was spending 20+ engineering hours per week on fraud mitigation instead of building product features.
Implementing BigShield
WriteCraft's head of engineering discovered BigShield in March 2026. The integration took one developer half a day.
They plugged BigShield into their signup flow at two points:
- Pre-signup validation: Before creating the account, the email, IP, and user agent were sent to BigShield for scoring.
- Post-signup monitoring: Webhook events from BigShield's Tier 2 analysis updated risk scores after initial signup, catching fraud that was not immediately obvious.
Their scoring thresholds:
- Score 70+: Full free tier access (5,000 tokens)
- Score 40-69: Reduced free tier (1,000 tokens) until email verification completed
- Score below 40: Signup blocked with a generic "unable to create account" message
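One way to enforce these thresholds in a signup service, together with the shadow mode WriteCraft used for calibration, written as an added example rather than WriteCraft's or BigShield's code. The score is taken as an input because the page does not show BigShield's API; the Account record and the choice to suspend an account when a later score falls below 40 are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

ALLOW_AT, REDUCE_AT = 70, 40               # score thresholds from the case study
FULL_TOKENS, REDUCED_TOKENS = 5000, 1000   # free-tier allotments from the case study

@dataclass
class Account:                             # hypothetical account record
    email: str
    score: int
    email_verified: bool = False
    suspended: bool = False
    token_limit: int = FULL_TOKENS

def decide(score):  # higher score means more trusted
    if score >= ALLOW_AT:
        return "full"
    return "reduced" if score >= REDUCE_AT else "block"

def apply_policy(acct):
    """Recompute the token allotment from the current score and verification state."""
    tier = decide(acct.score)
    acct.suspended = tier == "block"       # assumption: a late low score suspends
    if acct.suspended:
        acct.token_limit = 0
    else:
        unlocked = tier == "full" or acct.email_verified
        acct.token_limit = FULL_TOKENS if unlocked else REDUCED_TOKENS
    return acct

def signup(email, score, shadow=False, log=None):
    """Pre-signup gate. Shadow mode records the decision but enforces nothing."""
    if log is not None:
        log.append((email, score, decide(score)))
    if shadow:
        return Account(email, score), "ok"
    if decide(score) == "block":
        return None, "unable to create account"   # same generic text for every block
    return apply_policy(Account(email, score)), "ok"

def on_rescore(acct, new_score):  # post-signup update, e.g. from a webhook handler
    acct.score = new_score
    return apply_policy(acct)

def on_email_verified(acct):
    acct.email_verified = True
    return apply_policy(acct)

def shadow_summary(log):  # would-be decisions per tier, for threshold calibration
    return Counter(tier for _, _, tier in log)
```

Keeping every allotment change inside apply_policy means a rescore and an email verification cannot disagree about what an account is entitled to.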
The Results: Before and After
WriteCraft ran BigShield in shadow mode for the first week (logging scores but not blocking) to calibrate thresholds. Then they went live. Here are the numbers after 60 days:
Signup Volume
| Metric | Before BigShield | After BigShield | Change |
|---|---|---|---|
| Monthly signups | 28,000 | 11,200 | -60% |
| Fraudulent signups | ~19,600 | ~1,180 | -94% |
| Legitimate signups | ~8,400 | ~10,020 | +19% |
| Free-to-paid conversion | 2.1% | 6.8% | +224% |
The total signup count dropped because the majority of previous signups were fake. Legitimate signups actually increased, likely because the product was more responsive without fraudulent load on the infrastructure.
Financial Impact
| Metric | Before BigShield | After BigShield | Change |
|---|---|---|---|
| Monthly inference cost | $187,000 | $140,000 | -$47,000 |
| Wasted token cost | ~$50,000 | ~$3,000 | -94% |
| BigShield cost | $0 | $399 | - |
| Net monthly savings | - | $46,601 | - |
| Engineering hours on fraud | 80+/month | ~4/month | -95% |
Operational Impact
- API latency improved by 23% because fraudulent traffic was no longer competing for inference capacity
- Support tickets about "slow generation" dropped 41% for the same reason
- The fraud mitigation team (2 engineers part-time) was reassigned to product work
- Database growth rate normalized, reducing their Supabase bill by $180/month
Surprising Findings
The WriteCraft team discovered several things they did not expect:
Fraud Was Masking Their Real Conversion Rate
When 70% of signups are fake, your free-to-paid conversion rate looks terrible. WriteCraft thought they had a 2.1% conversion problem. In reality, their conversion rate among real users was closer to 7%, which is quite healthy for a SaaS product. The signal was buried under noise.
Some "Legitimate" Users Were Actually Fraudulent
BigShield's behavioral signals caught accounts that passed every other check. These used real Gmail addresses (not disposable), came from residential IPs (not datacenters), and had realistic user agents. But their signup timing, form interaction patterns, and subsequent usage patterns flagged them as automated. About 8% of the fraud BigShield caught would have passed any email-only or IP-only check.
Fraud Prevention Improved Their SEO
With fewer fake accounts, WriteCraft's user engagement metrics (session duration, return visits, feature adoption) improved dramatically. This indirectly improved their product analytics and gave them cleaner data for growth decisions.
Lessons Learned
WriteCraft's VP of Engineering shared three takeaways from the experience:
"First, do not build it yourself. We spent three months and hundreds of engineering hours on homegrown fraud detection that barely moved the needle. BigShield solved the problem in half a day of integration work."
"Second, single-signal detection does not work. CAPTCHA, blocklists, IP limits. Each one catches a slice of fraud, and fraudsters just route around each individual control. You need the multi-signal approach."
"Third, measure the full cost. The $50k in token waste was just the direct cost. When you add engineering time, inflated infrastructure bills, and the opportunity cost of building fraud tools instead of product features, the real cost was probably double that."
For a deeper look at calculating these costs, see our analysis on why fraud prevention does not have to be expensive.
The ROI Math
WriteCraft pays $399/month for BigShield's Scale plan (200,000 validations). They save $47,000/month in token waste, $180/month in database costs, and roughly $15,000/month in reclaimed engineering time. That is a return of over 150x on their BigShield investment.
Even at a tenth of WriteCraft's scale, the math works. If your free tier costs you $5 per fraudulent signup and BigShield blocks 100 fake signups per month on the $49 Starter plan, you are already ahead.
Could This Be Your Story?
If you offer a free tier with any kind of resource allocation (AI tokens, API calls, compute minutes, storage), you are a target. The question is not whether fraud is happening. It is how much it is costing you right now without your knowledge.
BigShield gives you the answer in minutes, not months. Start with the free tier at bigshield.app and see what your signup traffic really looks like.