Federal officials have recovered $2.3 million in bitcoin that Colonial Pipeline paid to a criminal outfit during a ransomware attack, the Department of Justice announced Monday.
Colonial Pipeline paid about $4.4 million in bitcoin to the attackers, linked to the Darkside ransomware group, after its payment systems were frozen last month. The company had to halt fuel transportation across the East Coast of the U.S., sparking fears of a gas shortage in a dozen states. Deputy Attorney General Lisa Monaco said Monday that the company contacted law enforcement, allowing federal agents to track and seize a bitcoin wallet.
"The Department of Justice has found and recovered the majority of the ransom paid," Monaco said in a press briefing. An affidavit filed by an FBI agent provided further details. According to the public court documents, the agent, whose name was redacted, tracked the bitcoin Colonial sent to Darkside across several transactions recorded on the bitcoin ledger, using a block explorer. About 63.7 BTC was sent to an address controlled by the FBI.
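The tracing step the affidavit describes, following an output forward through the transaction graph until the coins come to rest, reduced to code. This is an added example and is not code from the article, CoinDesk, Elliptic or the FBI affidavit. The ledger it runs on is constructed: the txids and addresses are placeholders, and the amounts were chosen to mirror the article's figures (a 75 BTC payment, a 15% cut to the operator, about 63.7 BTC reaching the seized address) rather than taken from the real chain. The `spent_by` index stands in for the "spent by" lookup a block explorer provides.

```python
"""Trace a bitcoin payment forward through the transaction graph.

Added example, not from the article or the affidavit. Start at the ransom
payment output, find the transaction that spends it, follow every output of
that transaction, and repeat until the coins sit in outputs nobody has spent.
The ledger is constructed; txids, addresses and fees are placeholders.
"""
from collections import deque
from decimal import Decimal
from typing import Dict, List, NamedTuple, Optional, Tuple

SATS_PER_BTC = 100_000_000


def btc(amount: str) -> int:
    """Exact BTC-to-satoshi conversion (no float rounding)."""
    return int(Decimal(amount) * SATS_PER_BTC)


TxIn = NamedTuple("TxIn", [("prev_txid", str), ("vout", int)])
TxOut = NamedTuple("TxOut", [("address", str), ("value", int)])  # value in sats
Tx = NamedTuple("Tx", [("txid", str), ("vin", List[TxIn]), ("vout", List[TxOut])])

# Constructed sample ledger (assumption, not real chain data).
LEDGER: List[Tx] = [
    # the ransom payment; its funding input lies outside this ledger
    Tx("tx_ransom_payment", [TxIn("tx_victim_funding", 0)],
       [TxOut("bc1_affiliate", btc("75"))]),
    # the affiliate splits off the operator's 15% cut
    Tx("tx_split", [TxIn("tx_ransom_payment", 0)],
       [TxOut("bc1_affiliate_2", btc("63.7")), TxOut("bc1_operator_cut", btc("11.25"))]),
    # the affiliate's share moves to the address later seized
    Tx("tx_consolidate", [TxIn("tx_split", 0)],
       [TxOut("bc1_seized", btc("63.7") - 10_000)]),
    # the operator's cut moves on separately
    Tx("tx_operator_spend", [TxIn("tx_split", 1)],
       [TxOut("bc1_exchange_deposit", btc("11.25") - 5_000)]),
]


def index_ledger(ledger: List[Tx]) -> Tuple[Dict[str, Tx], Dict[Tuple[str, int], str]]:
    """Build txid -> tx and (txid, vout) -> spending-txid indexes.

    An explorer serves the second lookup as its "spent by" field; here it is
    derived from the ledger. A UTXO spent twice means the data is bad.
    """
    txs = {tx.txid: tx for tx in ledger}
    spent_by: Dict[Tuple[str, int], str] = {}
    for tx in ledger:
        for txin in tx.vin:
            key = (txin.prev_txid, txin.vout)
            if key in spent_by:
                raise ValueError(f"{key} spent by both {spent_by[key]} and {tx.txid}")
            spent_by[key] = tx.txid
    return txs, spent_by


def tx_fee(tx: Tx, txs: Dict[str, Tx]) -> Optional[int]:
    """Inputs minus outputs in sats, or None if an input's parent tx is unknown."""
    total_in = 0
    for txin in tx.vin:
        parent = txs.get(txin.prev_txid)
        if parent is None:
            return None
        total_in += parent.vout[txin.vout].value
    fee = total_in - sum(out.value for out in tx.vout)
    if fee < 0:
        raise ValueError(f"{tx.txid} creates coins: inputs < outputs")
    return fee


def trace(ledger: List[Tx], start_txid: str, start_vout: int) -> List[dict]:
    """Follow one output forward to every unspent output descended from it.

    Every output of every spending transaction is followed (the "taint all"
    rule), so both change and the recipient's share show up in the result.
    """
    txs, spent_by = index_ledger(ledger)
    terminals, seen = [], set()
    queue = deque([(start_txid, start_vout, 0)])
    while queue:
        txid, vout, hops = queue.popleft()
        if (txid, vout) in seen:
            continue
        seen.add((txid, vout))
        out = txs[txid].vout[vout]
        spender = spent_by.get((txid, vout))
        if spender is None:  # unspent: this is where the coins sit now
            terminals.append({"utxo": f"{txid}:{vout}", "address": out.address,
                              "sats": out.value, "hops": hops})
            continue
        for i in range(len(txs[spender].vout)):
            queue.append((spender, i, hops + 1))
    return sorted(terminals, key=lambda t: t["sats"], reverse=True)


if __name__ == "__main__":
    txs, _ = index_ledger(LEDGER)
    for t in trace(LEDGER, "tx_ransom_payment", 0):
        print(f"{t['address']:<22} {t['sats'] / SATS_PER_BTC:>9.4f} BTC  {t['hops']} hops  {t['utxo']}")
    for tx in LEDGER:
        print(tx.txid, "fee (sats):", tx_fee(tx, txs))
```

Against a live explorer the in-memory `spent_by` dictionary is replaced by the explorer's "spent by" lookup for each output, and the fee check is worth keeping: an input total below the output total means the explorer data you copied is inconsistent, not that coins were created. The trace stops at unspent outputs; once funds land at an exchange deposit address the on-chain trail ends and the next step is a records request to that exchange, which is outside what the ledger alone can tell you.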
The seized bitcoin appears to have come from the affiliate that deployed Darkside's ransomware, not from Darkside itself, said Tom Robinson, chief scientist at Elliptic. He told CoinDesk the funds appear to have been seized at 1:40 p.m. ET. In a blog post, Robinson said 15% of the total payment went to Darkside itself.