Two Silicon Valley VC firms, Silver Lake and Thoma Bravo, sold hundreds of millions of dollars in SolarWinds shares just days before the software biz emerged at the center of a massive hacking campaign.
The two firms owned 70 per cent of the company, which produces networking monitoring software that was backdoored by what is thought to be state-sponsored Russian spies. This tainted code was installed by thousands of SolarWinds customers including key departments of the US government that were subsequently hacked via the remote access hole.
News of the role SolarWinds’ hijacked Orion software played in the hacking spree emerged at the weekend, and on Monday the developer’s share price plummeted more than 20 per cent. It is currently down 22 per cent.
However, around a week before, Silver Lake sold $158m of SolarWinds’ shares and Thoma Bravo sold $128m, raising suspicions that the companies both traded off insider information, according to the Washington Post. The share sale was the largest ever by the two firms and larger even than when the company went public in 2018 when Silver Lake sold $140m worth and Thoma Bravo $110m.
The two companies have six seats on the company’s board, meaning they will have access to confidential information before it is made public, but which also subject them to federal rules around trading in public companies and potential insider trading investigations.
It’s not clear when SolarWinds became aware that its servers had been hacked and a software update tampered with to include a backdoor that was then used to infiltrate potentially thousands of organizations across the globe.
Security company FireEye announced on Tuesday 8 December that its systems had been hacked. On Friday 11 December, FireEye started letting it be known that its SolarWinds updates had been tampered with. However, the company almost certainly knew about the issue some time before its public announcements and it has been established that the hackers had pulled off the hack some nine months earlier.
We asked FireEye when precisely it told SolarWinds about the hack and a representative told us: “I’m not able to address the timeline of events.”
There is a potential get out for the VC companies but one which could still leave them open to insider trading allegations: their massive share sales occurred on the same day that its long-standing CEO resigned.
SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks
The company had previously announced – in August – that Kevin Thompson would leave the company but didn’t give a date. Thompson reportedly resigned on Monday 7 December – news that was not made public – and a new CEO was formally announced two days later, the day after FireEye went public with its hacking news.
In a joint statement supplied to the Washington Post, Silver Lake and Thoma Bravo said the stock sales in questions were a “private placement” with an institutional investor, and that they “were not aware of this potential cyberattack at SolarWinds” before they agreed to the deal.
With tens of millions of dollars at stake, however, it’s not hard to imagine a scenario in which the CEOs leaving date was moved up in order to provide cover for a massive stock sell-off just days before the stock’s value plummeted thanks to the hacking scandal.
There is almost certain to be an investigation into what happened, what went wrong and what can be done to prevent future hacks of this nature. In fact, a group of bipartisan senators have already written [PDF] to the FBI and CISA over the “alarming” hacking attack through SolarWinds’ software and have asked for more information.
If the SEC launches an investigation in the massive share sales that occurred just days before, we are likely to find out sooner or later what the true timeline was around the hacking incidents. For now, however, everyone is remaining tight-lipped.
We have contacted Silver Lake, Thoma Bravo and SolarWinds asking for responses to the suspicion of insider trading and a clear timeline of when they learned about the hack of its systems. ®