The problem is that some apps like e.g. Threema report past created pictures as new one while browsing through the gallery. New created pictures triggers the Cryptomator app to mark this images for upload (if they are not already in the list to be uploaded) which can then have the consequence that if they are already deleted or moved in the Cloud by the user, the pictures will be uploaded again like in your case.
We will need to implement a local heuristic (name, size, hash over the content, …?) to detect that a particular image has already been uploaded and may not be uploaded again otherwise we have no chance to detect this case.