A question no one is asking about the Colonial Pipeline ransom attack

Reading multiple reviews and analysis on recent ransomware attacks, especially the most famous one on Colonial Pipeline which paid a ransom of 75 bitcoins (about $4 million), I am seeing a lot of discussion about what the victims did wrong and how they can avoid such attacks in the future. But no one is asking (let alone answering) a very simple question: What did the hackers do wrong that allowed the FBI to recover at least a half of the ransom already successfully transferred to them by Colonial Pipeline? And an even more important question: How did they make the mistake of allowing their transaction to be traced?