Those bots still have to spend time finding addresses. If the transfer happens in seconds or minutes, its more likely the address was already known and expecting a deposit.
The addresses are generated ahead of time and placed into a huge database. Every new transaction that is broadcast is checked against the database, and if any vulnerable outputs are created they are swept immediately.