“At this point in our investigation, we’ve come to the conclusion that the leak did not come from CoinMarketCap servers,” CMC said on its blog. “As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites.”