An anonymous Twitter user claims to have obtained around 100,000 API keys belonging to users of the crypto trading service 3Commas. The leaker published over 10,000 of the keys on Wednesday and says the rest “will be published full [sic] randomly in the upcoming days.”

The leak comes after dozens of users of 3Commas claimed that their API keys were used to execute trades on exchanges such as Binance, KuCoin and Coinbase without their consent. As CoinDesk previously reported, 3Commas confirmed that users lost at least $6 million to attackers starting in October, but that sum has at least doubled in recent weeks according to users who spoke to CoinDesk.

3Commas initially told CoinDesk the losses came from phishing attacks, but its users – over 50 of whom have organized themselves into Telegram group chats – have insisted that their credentials must have been leaked by 3Commas or an exchange like Binance or Coinbase.

The leaked database, if authentic, is the clearest evidence yet that these users may have been correct that their credentials were leaked. CoinDesk has reached out to 3Commas for comment.

3Commas allows users to set up trading bots that automatically execute trades on their behalf on third-party crypto exchanges. Those exchanges generate API keys, and users plug those keys into 3Commas in order to grant the app access to their accounts. The API keys included in this week’s leak were, according to the leaker, generated on Binance and KuCoin.

This is a developing story.