No CAPTCHA is unsolvable. The interesting question is what an attacker has to spend to defeat yours. This article walks through the per-solve economics of human-solver services, ML solvers, and the proxy and account costs that go with them, and shows why cost-of-bypass — not unsolvability — is the real defense.
The premise: cost is the defense
Imagine the smallest possible attack: a script that creates 1,000 free accounts on your service to abuse a referral credit worth $5 each. Total potential gross: $5,000. The attacker’s spend has to come in under that to be profitable. Your job is to push the attacker’s per-account cost above the per-account return.
Every CAPTCHA on the market eventually loses to a determined attacker. The good ones lose only at a price the attacker won’t pay for your particular target. The bad ones lose for free.
The attacker’s cost stack has four components:
1. Per-solve CAPTCHA cost (human or ML).
2. Per-account proxy cost (residential IPs are not free).
3. Per-account email cost (disposable email infrastructure).
4. Engineering time to build and maintain the bot.
The CAPTCHA you pick affects items 1 and 4 directly and items 2 and 3 indirectly (a CAPTCHA that fingerprints datacenter IPs forces the attacker onto residential pools).
Human-solver farms
Public human-solver services have been operating for over a decade. The two best-known are 2Captcha and Anti-Captcha; there are dozens of others. They work the way you’d expect: workers in low-wage labor markets sit at terminals and solve CAPTCHAs that paying clients submit via API.
Public pricing as of early 2026, drawn directly from the services’ own price pages:
| Challenge type | Cost per 1,000 solves | Avg latency |
|---|---|---|
| Image-grid CAPTCHA (reCAPTCHA v2 image) | ~$1.00 - $2.99 | 10 - 30s |
| Behavioral-score CAPTCHA (reCAPTCHA v3) | ~$2.00 - $5.00 | 10 - 30s |
| hCaptcha | ~$1.50 - $3.00 | 15 - 40s |
| Cloudflare Turnstile | ~$2.50 - $5.00 | 20 - 60s |
| Custom / non-standard | ~$5.00+ | 30 - 90s |
Read the table this way: any standard CAPTCHA can be defeated for roughly $1-5 per 1,000 solves, with an average latency of 10-60 seconds per solve. If your business model can absorb attackers spending $1-5 per 1,000 abuse attempts, no off-the-shelf CAPTCHA will save you on its own. You need either a custom challenge (which raises that price) or a higher-friction defensive layer (which raises the per-account cost in other ways).
The good news: $1-5 per 1,000 is enough to deter the actual spam economy. Most spam ROI is in the cents-per-message range. A cost gate of $0.001 per attempt rules out 95%+ of the abuse you’ll ever see. The remaining 5% has a real budget and is a different defensive problem.
ML solvers
ML-based CAPTCHA solvers are the second category of attacker infrastructure. The economics are different and the trends are moving against defenders.
Public ML solver economics, ballpark, as of early 2026:
- Image-grid CAPTCHAs. Solver model cost on consumer GPUs is roughly $0.0001 - $0.001 per solve once trained, with model training a one-time cost in the low thousands of dollars. Academic papers from 2018+ have repeatedly demonstrated >90% accuracy on standard image-grid challenges.
- Behavioral-score CAPTCHAs. Harder; require simulating realistic mouse movement, browser fingerprints, and ideally a fresh residential IP per solve. Total per-solve cost in the $0.01 - $0.05 range when combined with proxy cost.
- Game-based CAPTCHAs (like Playtcha). An ML solver has to recognize the game state, plan an action sequence, and execute it. Training cost is meaningful per game type. Per-solve compute cost on a trained model is small, but the maintenance cost of keeping models current as we rotate games and challenge parameters is the real burden.
- LLM-based universal solvers. Multimodal frontier models can solve image-grid CAPTCHAs zero-shot at API token costs in the $0.001 - $0.01 range per solve, depending on the model. The trend line is straight down.
The strategic implication: any CAPTCHA with a fixed challenge surface is on a deprecation timer. Defenders can only stay ahead of ML solvers by changing the challenge faster than the attacker can train a new model. This is why we randomize the game and the challenge per token at Playtcha, and why we plan a roadmap of new minigames over time. Standing still is losing.
The other costs nobody talks about
The CAPTCHA solve isn’t the only cost the attacker is paying. Two often-larger costs surround it:
Residential proxies
Most CAPTCHAs penalize datacenter IPs heavily. To bypass, the attacker needs residential IPs — leased through proxy providers that backhaul through real consumer connections. Public pricing for residential proxies is roughly $3-15 per GB of traffic, and an account-creation flow with CAPTCHA can easily consume 1-5 MB per attempt. So per-account proxy cost: $0.003 - $0.075.
Email infrastructure
Most signup flows require an email confirmation. The attacker needs disposable email addresses with reachable inboxes — either through SMS-receive services (~$0.10 per number) or catch-all-domain providers ($0.001 - $0.01 per address). For flows that require SMS verification, this can be the dominant cost.
Engineering time
Often the largest cost. Building a working bot against a well-defended target takes hours-to-days of engineering time. Maintaining it as the target’s defenses change takes ongoing time. For a small abuse opportunity (e.g. a $50/month opportunity), the engineering ROI is just not there.
The implication: even a moderately weak CAPTCHA, paired with any non-trivial frontend changes every few weeks, can price out the long tail of low-budget attackers entirely.
The attacker spreadsheet
Let’s walk a concrete scenario. Imagine your site offers a $5 referral credit per new account. An attacker wants 10,000 accounts. Their cost stack:
| Cost component | Per-account | Total (10,000) |
|---|---|---|
| CAPTCHA solve (human farm) | $0.001 - $0.005 | $10 - $50 |
| Residential proxy (~3 MB / acct) | $0.009 - $0.045 | $90 - $450 |
| Disposable email | $0.001 - $0.01 | $10 - $100 |
| Engineering (amortized) | ~$0.01 | ~$100 |
| Total cost | $0.02 - $0.07 | $210 - $700 |
| Potential return | $5 | $50,000 |
The attack is wildly profitable. The CAPTCHA was the smallest cost in the stack. Adding a tougher CAPTCHA changes the bottom line by single-digit dollars; it doesn’t change the attacker’s decision.
The fixes that do change the decision:
- Make the credit non-cashable until the referee transacts. Now the attacker has to play out the full transaction flow, not just signup.
- Cap the referral payout per IP, per device, per payment instrument. Now residential proxy cost has to be paid against each cap.
- Manual review on referrals over a threshold. Now engineering time is the rate-limit.
The CAPTCHA is one tool in the cost stack. Treating it as the whole stack is the most common mistake we see. We covered the full layered defense in why use a CAPTCHA.
What actually raises cost-of-bypass
If your CAPTCHA is the load-bearing defense for a real opportunity, here’s what raises the attacker’s cost meaningfully:
- Challenge rotation. If every solve is a slightly different problem, an ML solver has to handle the variation. Training cost goes up, accuracy goes down.
- Latency per solve. A 5-second game is more expensive on a human farm than a 10-second image grid because worker time is the cost. Counterintuitively, longer games are cheaper to defend (per attacker dollar) than shorter ones.
- Server-side anomaly detection. If your backend flags “suspiciously perfect” play patterns and quietly down-weights them, the attacker has to add jitter, which costs both compute and accuracy.
- Token binding. Tokens bound to session, IP, and site key can’t be solved on one site and replayed on another. This takes the “solve farm” out of being a shared resource.
- Rate-limit-then-CAPTCHA-then-block. Three tiers. First N requests: free. Next N: CAPTCHA. After that: hard block. This funnels low-volume abusers through the CAPTCHA and stops high-volume ones outright.
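One way to implement the token-binding item above, as an added example (not Playtcha's code or any vendor's API). The token layout, `SECRET`, `TOKEN_TTL`, `issue_token` and `verify_token` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment server-side key
TOKEN_TTL = 120                   # assumption: seconds a solved token stays valid
_used_nonces = set()              # assumption: in-memory; use a shared store with expiry in production


def _mac(site_key, session_id, client_ip, expires, nonce):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") produce different MACs.
    fields = (site_key, session_id, client_ip, str(expires), nonce)
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(site_key, session_id, client_ip, now=None):
    """Issue a token after a successful solve, bound to the context it was solved in."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    nonce = secrets.token_hex(16)
    return f"{expires}.{nonce}.{_mac(site_key, session_id, client_ip, expires, nonce)}"


def verify_token(token, site_key, session_id, client_ip, now=None):
    """Return (ok, reason). Context values come from the request being checked, never from the token."""
    if len(token) > 256:
        return False, "malformed"
    try:
        expires_s, nonce, mac = token.split(".")
        expires = int(expires_s)
        expected = _mac(site_key, session_id, client_ip, expires, nonce).encode()
        supplied = mac.encode()
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return False, "binding mismatch"
    if (time.time() if now is None else now) > expires:
        return False, "expired"
    if nonce in _used_nonces:
        return False, "replayed"
    _used_nonces.add(nonce)  # single use: a relayed token cannot be spent twice
    return True, "ok"
```

Because the MAC covers the site key, session and IP, a token solved in one context fails verification when presented in any other, and the nonce set makes each token single-use.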
The trick of pricing-in-time, not money
One of the most-overlooked defenses is making the attacker wait. A 10-second CAPTCHA isn’t harder to solve than a 2-second one — the human solver finishes both in similar wall-clock time, and the ML solver doesn’t care about seconds. But a 10-second per-account flow caps the attacker’s throughput on a single proxy connection. At 10 seconds per attempt, one proxy can attempt 360 accounts per hour, full-throttle. At 2 seconds, the same proxy can do 1,800. The attacker is forced to spread across more proxies, which costs more.
This is one reason we’re comfortable shipping a 5-second game even though shorter would feel snappier on the success path. Friction that costs the attacker more than it costs the legitimate user is good design. We won’t go past 5 seconds without good cause, but we don’t optimize for sub-second either.
What this means for your CAPTCHA choice
Three takeaways:
- If your opportunity is >$0.10 per attempt, no CAPTCHA stops it on its own. You need defense in depth — rate limits, fraud scoring, manual review, and the CAPTCHA as one layer.
- If your opportunity is <$0.01 per attempt, almost any CAPTCHA stops it. Pick the one with the best UX and privacy posture; the security difference between vendors is not the load-bearing factor.
- For everything in between, the differentiator is challenge rotation. Standing-still CAPTCHAs lose to ML over time. Rotating ones force re-training.
See reCAPTCHA alternatives for the vendor-by-vendor view of who rotates and who doesn’t. And remember: the headline price of a CAPTCHA vendor isn’t the security number to optimize. The attacker’s spend is.
One last reframing worth holding onto: the goal isn’t to defeat your attacker forever. It’s to be slightly more expensive to attack than the next target on the attacker’s list. CAPTCHA is the most visible part of that expense, but it’s the layered defense around it — rate limits, anomaly detection, manual review on anomalies — that bumps you up the cost ladder. A well-instrumented application with a moderate CAPTCHA outperforms a poorly-instrumented application with a top-tier one, because the attacker is comparing total cost, not CAPTCHA cost.
Related: the upstream “do I need one” question, in why use a CAPTCHA. The privacy posture, in privacy-first CAPTCHAs explained. The bundle cost, in why your CAPTCHA shouldn’t be 250 KB. The Supabase-specific implementation, in CAPTCHA with Supabase.
FAQ
Are human-solver services illegal?
They operate openly in jurisdictions where they’re not prohibited. Whether using one is legal in your jurisdiction depends on local law and on whether you’re using it to violate a target site’s terms of service. The CFAA and similar laws in other countries can apply. We don’t recommend trying it.
Can I block known proxy IPs to defeat the proxy cost?
Yes, partially. IP reputation lists exist (Spamhaus, IPQS, MaxMind, etc.). They catch the cheap end of the proxy spectrum. Premium residential proxy networks rotate through real consumer ASNs and are very hard to block without false positives.
What about CAPTCHAs that require math or trivia?
Trivial for any LLM-driven solver as of 2026. They were a fine defense in 2010. They are a placebo today.
Is Playtcha unbreakable by ML?
No. Nothing is. We make the ML attacker’s problem harder by rotating games, randomizing challenge parameters per token, and planning a roadmap of new minigames so the ML team has to re-train periodically. The honest framing is: we raise the attacker’s ongoing cost, not their ceiling.
How do I know if I’m being attacked?
Watch your CAPTCHA-pass rate by hour. A normal ratio of pass-to-fail is reasonably stable. A sudden spike in fails (or a sudden spike in passes from a single ASN) is the alarm. Most CAPTCHA dashboards expose this; if yours doesn’t, log the pass/fail counts to your own observability stack.
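If you log pass/fail yourself, the hourly check can look like the following added example (not part of any CAPTCHA dashboard). The log line format, the thresholds and the function names are assumptions, and the sample data is constructed using documentation-reserved ASNs.

```python
from collections import Counter, defaultdict
from statistics import median


def parse(line):
    # Assumed format: "<ISO timestamp> asn=<ASN> result=<pass|fail>"
    ts, asn, result = line.split()
    return ts[:13], asn.split("=")[1], result.split("=")[1]  # hour bucket "YYYY-MM-DDTHH"


def hourly_alerts(lines, fail_jump=0.20, pass_factor=5, min_events=20):
    totals, fails = Counter(), Counter()
    passes = defaultdict(Counter)  # hour -> ASN -> pass count
    for line in lines:
        hour, asn, result = parse(line)
        totals[hour] += 1
        if result == "fail":
            fails[hour] += 1
        else:
            passes[hour][asn] += 1
    alerts, quiet_rates, prior_hours = [], [], []
    for hour in sorted(totals):
        rate = fails[hour] / totals[hour]
        if quiet_rates and totals[hour] >= min_events and rate - median(quiet_rates) > fail_jump:
            alerts.append((hour, "fail-rate spike", round(rate, 2)))
        else:
            quiet_rates.append(rate)  # spiking hours never feed the baseline
        for asn, count in sorted(passes[hour].items()):
            if not prior_hours or count < min_events:
                continue
            baseline = median(passes[h][asn] for h in prior_hours)
            if count > pass_factor * max(baseline, 1):
                alerts.append((hour, f"pass spike from {asn}", count))
        prior_hours.append(hour)
    return alerts


def sample_log():
    """Constructed sample: quiet 10h-12h, fail spike at 13h, single-ASN pass spike at 14h."""
    rows = [(h, a, r, n) for h in (10, 11, 12, 13, 14)
            for a, r, n in (("AS64500", "pass", 40), ("AS64501", "pass", 40))]
    rows += [(h, "AS64500", "fail", 20) for h in (10, 11, 12, 14)]
    rows += [(13, "AS64502", "fail", 120), (14, "AS64503", "pass", 300)]
    return [f"2026-01-10T{h:02d}:00:00Z asn={a} result={r}" for h, a, r, n in rows for _ in range(n)]
```

Using the median of earlier quiet hours as the baseline keeps a single attack hour from shifting what counts as normal.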