The U.S. Department of Justice on Monday announced that they were able to recover millions of cryptocurrency paid to the Colonial Pipeline ransomware hackers last month.

Investigators for the Justice Department announced that they recovered 63.7 bitcoins, estimated to be valued at $2.3 million, that Colonial Pipeline paid to DarkSide last month. 

The recovery effort was carried out by investigators for the DOJ, the FBI and Colonial Pipeline shortly after the company paid the $4.4 million ransom to DarkSide, which is believed to have connections to Russia. 

The effort is considered the first operation of its kind done by the Justice Department, investigators said during a press conference on Monday. However, it is now the first time the government recovered cryptocurrencies paid to cybercriminals. 

Colonial Pipeline Hack

On May 7, a group of hackers shut down Colonial Pipeline’s system, leading to crippled supply to East Coast retailers and a surge in gas prices. The company resumed operations a week after the attack, during which some regions experienced fuel shortages. 

“When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington D.C. to share with them what we knew at that time,” Joseph Blount, CEO of Colonial Pipeline, said in a statement

“The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable,” he added.