Colonial pipeline attack – how was ransom partially recovered

From Wikipedia:

Colonial Pipeline cyber attack

This article states that it is not known how the FBI obtained the private key of the address with the ransom in it. Can’t find any other sources on this. Are there any theories or evidence of how this was done?