Michael Saylor’s Strategy has added another major Bitcoin purchase to its balance sheet, bringing the company closer to holding 800,000 BTC.

According to an 8-K filing with the US Securities and Exchange Commission, the firm acquired 13,927 Bitcoin for approximately $1 billion between April 6 and April 12.

Holdings Approach 800,000 BTC

The latest purchase was made at an average price of $71,902 per Bitcoin, which is below Strategy’s overall average acquisition cost of $75,577.

With this addition, the company now holds 780,897 BTC, acquired for a total of $59.02 billion. Strategy needs just 19,103 more Bitcoin to reach the 800,000 BTC milestone, having already purchased over 107,000 BTC so far in 2026.

Purchase Funded Through STRC Share Sales

The $1 billion buy was funded through the company’s perpetual preferred equity offering, known as Stretch (STRC).

Strategy sold 10 million STRC shares during the period, generating roughly $1 billion in proceeds. No shares were issued from its other offerings, including STRF, STRK, STRD, or its common MSTR stock.

Data from STRC.live shows that last week marked the second-largest weekly issuance of STRC shares on record, significantly above the recent average. The surge follows changes to the company’s equity sale program introduced in early March.

Continued Accumulation Strategy

Saylor hinted at the purchase ahead of time in a post on X, sharing a chart of Strategy’s Bitcoin acquisition history. The company has now completed 105 Bitcoin purchases since 2020, maintaining a consistent accumulation strategy.

Despite its aggressive buying, Strategy is currently sitting on substantial unrealized losses. In its first-quarter 2026 report, the company disclosed $14.46 billion in unrealized losses on its digital asset holdings.

Market Momentum and Institutional Demand

Strategy’s continued accumulation comes amid broader institutional interest in Bitcoin.

Last week alone, US spot Bitcoin ETFs recorded inflows of $786 million, signaling strong demand from institutional investors.

Bitcoin’s price also saw upward momentum earlier in the week, climbing above $70,000 and briefly surpassing $73,000 before pulling back.

Analysts at Nomura’s Laser Digital pointed to Strategy’s buying activity as one of the key drivers behind the recent price movement, alongside ETF inflows and a rebound in US equities.

However, market volatility remains. Renewed geopolitical tensions, including developments related to a US-Iran situation, triggered a pullback toward $71,000, with analysts expecting continued price fluctuations in the near term.

Crypto users are being warned about a sophisticated new scam that leverages a popular note-taking app to spread malware capable of taking over victims’ devices.

According to a report from Elastic Security Labs, the campaign uses advanced social engineering tactics across platforms like LinkedIn and Telegram to trick individuals working in crypto and finance into unknowingly installing malicious software.

Scam Uses Obsidian Plugins as Entry Point

The attack centers around Obsidian, a widely used note-taking app that supports community-built plugins. Threat actors exploit this feature to execute malicious code without raising suspicion.

Elastic researchers found that attackers share access to a cloud-hosted “vault” within Obsidian. Once the victim opens it, they are instructed to enable community plugin syncing. This step triggers the malware, which runs silently in the background.

The method works across both Windows and macOS devices, making it a broad threat to users regardless of operating system.

Social Engineering Tactics Build Trust

The scam begins with attackers posing as representatives of a venture capital firm on LinkedIn. After establishing initial contact, they move conversations to Telegram, where they discuss crypto-related services such as liquidity solutions to appear credible.

Victims are then invited to access what is presented as the firm’s internal dashboard using Obsidian. They are provided login credentials to a shared vault, which ultimately becomes the entry point for the attack.

Elastic described this vault as the “initial access vector,” noting that the entire process is designed to appear legitimate and business-oriented.

PHANTOMPULSE Malware Enables Full Device Control

Once activated, the attack deploys a previously undocumented remote access trojan (RAT) dubbed “PHANTOMPULSE.”

Disguised as legitimate software, the malware gives attackers extensive control over the infected device. It is built for stealth and persistence, allowing operators to monitor activity, execute commands, and maintain long-term access.

One of the more advanced aspects of the malware is its use of blockchain-based infrastructure. PHANTOMPULSE relies on onchain transaction data across multiple blockchain networks to receive instructions, avoiding dependence on traditional centralized servers.

This decentralized command-and-control system ensures the malware remains operational even if parts of its infrastructure are disrupted.

Crypto Users Remain Prime Targets

The campaign highlights the continued focus on crypto users, who remain attractive targets due to the irreversible nature of blockchain transactions.

According to Chainalysis, around $713 million was stolen from individual crypto wallets in 2025 alone.

Elastic noted that attackers are increasingly creative in how they gain initial access. By abusing legitimate tools like Obsidian, they are able to bypass traditional security defenses and execute malicious code through intended app functionality.

Security Measures and Industry Implications

The researchers said they were able to block the attack, but warned that similar tactics could be used in future campaigns.

They emphasized that both individuals and organizations, especially in the crypto and financial sectors, need to be cautious when interacting with unfamiliar tools or shared resources.

Companies are advised to implement stricter controls around third-party plugins and remain vigilant, as even trusted productivity software can be turned into a gateway for cyberattacks.

Apple has confirmed the removal of a malicious app that impersonated the Ledger self-custody crypto wallet, following reports that dozens of users were scammed out of millions.

According to Apple, the fake Ledger Live app has been taken down, and the developer behind it, operating under the name “SAS Software Company,” has been permanently banned from the App Store.

Scam Exploited Users Through Fake App

The fraudulent app used a classic “bait-and-switch” tactic to deceive users. Victims were led to believe they were downloading the official Ledger Live app, only to be prompted to enter their seed phrases after installation.

By gaining access to these recovery phrases, scammers were able to take full control of users’ crypto wallets and drain their funds.

Apple noted that this type of tactic is not new. In 2024 alone, the company said it removed or rejected over 17,000 apps for engaging in similar deceptive practices. It also blocked more than 37,000 potentially fraudulent apps and rejected over 320,000 submissions flagged as spam, copycat, or misleading.

Over $9.5M Stolen From Victims

Blockchain investigator ZachXBT revealed that more than 50 crypto investors fell victim to the fake app between April 7 and April 13, with total losses reaching approximately $9.5 million.

A significant portion of the stolen funds came from just three victims. One investor reportedly lost $3.23 million in USDT, another lost $2 million in USDC, and a third lost $1.95 million across Bitcoin, Ether, and staked Ether.

Among the victims was American musician Garrett Dutton, also known as “G. Love,” who disclosed that he lost around $420,000 worth of Bitcoin in the attack.

App Store Scams Remain a Persistent Issue

Apple explained that scammers often get apps approved through legitimate means before later altering descriptions, images, or features to mimic well-known platforms.

This kind of bait-and-switch approach has been an ongoing issue for years. As far back as 2013, scammers managed to upload a fake version of Nintendo’s Pokémon Yellow game to the App Store before it was eventually removed.

The company continues to step up its efforts to combat these threats, but the incident highlights how increasingly sophisticated these scams have become.

Crypto Users Urged to Verify Apps Carefully

The case serves as another reminder for crypto investors to verify apps carefully before downloading, especially when dealing with wallet software or sensitive information like seed phrases.

Similar incidents have also occurred on other platforms. In late 2023, scammers were able to bypass Microsoft’s app store review process, resulting in nearly $600,000 in stolen crypto.

As attacks grow more advanced, users are being urged to rely on official sources and double-check app authenticity to avoid falling victim to such schemes.