It’s been a rough week for the NSA, to say the least. Last week, a group of hackers collectively known as The Shadow Brokers allegedly stole and released a treasure trove of NSA hacking tools and exploits. What’s more, the group promised to release even more weapons from the NSA’s cyber arsenal for the right price.

While the initial leak was met with skepticism, researchers and security experts who examined the leak subsequently confirmed that the leaked exploits were very much real. “It definitely looks like a toolkit used by the NSA,” French computer researcher Matt Suiche said after taking a look at the code.

As if that weren’t bad enough, now comes word that The Shadow Brokers may not be the only hackers who hold the keys to the NSA’s cache of advanced hacking tools and exploits.

Late on Sunday night, a hacker with the Twitter handle 1x0123 indicated that he was willing to sell the aforementioned hacking tools for $8,000.

https://twitter.com/1x0123/status/767564288160571392

Speaking to Gizmodo, the hacker also said that he’d be willing to provide screenshots to verify his claims for $1,000. Interestingly, 1x0123 didn’t come to possess these files by hacking the NSA, but allegedly by stealing them from the Shadow Brokers.

It’s unclear how the hacker supposedly stole the hacks and he refused to explain beyond saying “traded some exploits for access to a private escrow and stole the tar file.” This could mean a variety of things, but it seems like he’s indicating that he tricked the Shadow Brokers, the group that originally claimed to have accessed the NSA tools, and stole the .tar file containing the exploits. Again, we don’t have a way to confirm this is true but this hacker has hacked and sold his exploits in the past.

Notably, 1x0123 is not some fly-by-night Twitter account with no track record to speak of. On the contrary, 1x0123 is a self-identified “underground researcher” who has been behind a number of big-name exploits in the past, including a hack of Fidelity National Information Services.

It’s also worth noting that famed NSA whistleblower Edward Snowden gave 1x0123 some praise on Twitter just a few months ago.

Thanks to @1x0123 for reporting a piwik vulnerability to @FreedomofPress! Great work. Got a bug report? Please contact @ageis with details. — Edward Snowden (@Snowden) April 10, 2016