Inspiration
The motivation was to bridge the gap between raw blockchain transaction data and actionable risk-intelligence. With crypto money-flows increasingly exploited for hacks, ransomware, sanctions evasion and scams, it made sense to build an autonomous agentic workflow that (a) retrieves address metadata, transaction graphs, and sanctions flags (via Moralis/TRM Labs); (b) uses an LLM-agent (via Claude Agent SDK) to orchestrate tool-calls, interpret results, assess risk; and (c) produce visually intuitive 3-D interactive network graphs (via Three.js) to enable analysts to quickly understand exposure, counterparties and transaction flows.
What it does
Loads a list of blockchain addresses implicated in a security incident (e.g., hack, scam, or suspicious wallet) from a JSON datastore (see data/addresses.json). It could be extended to continuously monitor a user's address or to subscribe to a real-time database of incidents (e.g. de.fi rekt database or ZachXBT's Telegram channel).
Calls the Moralis API and TRM Labs API to fetch structured metadata on those addresses: risk scores, entity attribution, sanctions flags, transaction history.
Builds a transaction-network graph (nodes = addresses/entities, edges = transaction flows) and maps risk scores into visual attributes (node colour red/orange/green, edge thickness = volume).
Uses the Claude Agent SDK to orchestrate this workflow: the LLM decides which tool to call and in what order (get incident data → fetch address info → fetch transaction network → generate visualization).
Generates an interactive 3-D report (using Three.js) where users can rotate/zoom/pan the graph, click nodes to see details, and get a summary analysis written by the agent.
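The graph-building and risk-to-colour step described above, as an added sketch (not the project's own src/visualization.py). The 0-100 risk scale, the thresholds, the grey bucket for missing scores, the log-scaled edge width and all field names are assumptions; the sample data is constructed.

```python
import math
from collections import defaultdict

# Assumed cut-offs on a 0-100 scale; the page only says the mapping was hand-tuned.
HIGH_RISK, MEDIUM_RISK = 70, 40

def risk_colour(score):
    """Map a numeric risk score to the red/orange/green scheme.

    A missing score (the APIs can return null) gets its own grey bucket,
    so "no data" is never rendered as "low risk".
    """
    if score is None:
        return "grey"
    if score >= HIGH_RISK:
        return "red"
    if score >= MEDIUM_RISK:
        return "orange"
    return "green"

def build_graph(transfers, risk_scores):
    """Aggregate raw transfers into coloured nodes and volume-weighted edges."""
    volume = defaultdict(float)
    for t in transfers:
        volume[(t["from"], t["to"])] += t["usd"]
    addresses = sorted({a for pair in volume for a in pair})
    nodes = [{"id": a, "colour": risk_colour(risk_scores.get(a))} for a in addresses]
    edges = [
        # Log scale keeps one very large transfer from dwarfing every other edge.
        {"source": s, "target": d, "usd": v, "width": round(1 + math.log10(1 + v), 2)}
        for (s, d), v in sorted(volume.items())
    ]
    return {"nodes": nodes, "edges": edges}

# Constructed sample data (placeholder addresses, made-up scores).
TRANSFERS = [
    {"from": "0xVICTIM", "to": "0xHACKER", "usd": 900_000.0},
    {"from": "0xHACKER", "to": "0xMIXER", "usd": 400_000.0},
    {"from": "0xHACKER", "to": "0xMIXER", "usd": 100_000.0},
    {"from": "0xHACKER", "to": "0xFRESH", "usd": 999.0},
]
RISK = {"0xVICTIM": 5, "0xHACKER": 95, "0xMIXER": 55, "0xFRESH": None}

if __name__ == "__main__":
    import json
    print(json.dumps(build_graph(TRANSFERS, RISK), indent=2))
```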
How we built it
Python 3.9+ environment.
Structure: src/agent.py (orchestration), src/data_retrieval.py, src/trm_api.py, src/visualization.py.
For the agent component, we used the Claude Agent SDK (Python) from Anthropic, which gives the building blocks to create production-ready agents.
For on-chain risk data, we integrated the TRM Labs Wallet Screening / BlockInt API (via src/trm_api.py) to fetch risk scores, entity attribution, sanctions list matches, transaction flows.
For interactive network visualisation we used Three.js (via visualization.py) producing HTML files under output/[incident-id]/incident.html.
The agent logic: define “tools” in agent.py (e.g., get_incident_data, fetch_address_info, fetch_risk_assessment, fetch_transaction_network, generate_visualization), then let Claude plan the order and execute.
Challenges we ran into
Data availability & quality: On some addresses the APIs return sparse metadata or null fields, which the agent must robustly handle.
Mapping risk to visualization: Deciding how to map numeric risk scores to discrete visual attributes (node colour, size) required iteration and manual tuning.
Agent orchestration edge-cases: Getting the Claude Agent SDK to gracefully manage failures (API timeouts, missing data) and branch accordingly.
Graph complexity & performance: Large transaction networks (hundreds of nodes) can lead to slow browser rendering and clarity issues; we needed to prune, aggregate or limit depth. We also needed to add compression/caching to avoid exceeding the Claude API's 200K token context window.
Security & privacy: Addressing how to treat sensitive incident data, embed API keys securely, and avoid exposing identifiable privacy metadata in the output. Skyflow could be used for this in a future iteration.
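One way to do the pruning and depth-limiting mentioned under graph complexity, as an added sketch (not the project's code). The edge fields, the default limits and the idea of returning the hidden volume are assumptions; the sample edges are constructed.

```python
from collections import deque

def prune_graph(edges, seeds, max_depth=2, top_k=2):
    """Keep edges within max_depth hops of the seed addresses, expanding at
    most top_k highest-volume unexplored edges per node.

    Edges are walked in both directions so inbound funding and outbound
    flows around an incident address are both considered. The USD volume
    that was cut is returned so the report can say what it is not showing.
    """
    touching = {}
    for i, e in enumerate(edges):
        touching.setdefault(e["source"], []).append(i)
        touching.setdefault(e["target"], []).append(i)

    depth = {s: 0 for s in seeds}
    queue, kept = deque(seeds), set()
    while queue:
        node = queue.popleft()
        if depth[node] >= max_depth:
            continue  # depth limit reached: do not expand this node
        fresh = [i for i in touching.get(node, []) if i not in kept]
        fresh.sort(key=lambda i: edges[i]["usd"], reverse=True)
        for i in fresh[:top_k]:
            kept.add(i)
            e = edges[i]
            other = e["target"] if e["source"] == node else e["source"]
            if other not in depth:
                depth[other] = depth[node] + 1
                queue.append(other)
    hidden_usd = sum(e["usd"] for i, e in enumerate(edges) if i not in kept)
    return [edges[i] for i in sorted(kept)], depth, hidden_usd

# Constructed sample edges (placeholder addresses).
EDGES = [
    {"source": "0xHACKER", "target": "0xMIX1", "usd": 500_000.0},
    {"source": "0xHACKER", "target": "0xMIX2", "usd": 300_000.0},
    {"source": "0xHACKER", "target": "0xDUST", "usd": 50.0},
    {"source": "0xMIX1", "target": "0xEXCH", "usd": 450_000.0},
    {"source": "0xEXCH", "target": "0xFAR", "usd": 400_000.0},
    {"source": "0xMIX2", "target": "0xPEEL", "usd": 10_000.0},
]

if __name__ == "__main__":
    kept, depth, hidden = prune_graph(EDGES, ["0xHACKER"])
    print(len(kept), "edges kept;", f"${hidden:,.0f} of volume hidden by pruning")
```

In the sample, the depth limit hides a 400,000 USD hop beyond 0xEXCH, which is why the hidden volume is worth surfacing next to the graph rather than silently dropping it.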
Accomplishments that we're proud of
Fully autonomous end-to-end pipeline: from incident JSON → address metadata → network graph → interactive report, orchestrated by a Claude agent.
Successful integration of Claude Agent SDK (Anthropic) and TRM Labs wallet screening API — two modern agent + risk-intelligence stacks.
Interactive 3-D visualisations that materially improve human analyst comprehension of complex on-chain flows.
Configurable for new incidents via simple JSON edit and rerun, enabling rapid turn-around.
Demonstrated how AI agents + blockchain risk data + visualization can provide real value in blockchain-forensics/AML domain.
Reusable architecture that can be extended (e.g., new tools) as per README.
What we learned
Agentic workflows (via Claude Agent SDK) are effective for orchestrating multi-step pipelines bridging data retrieval, processing, risk-scoring and visualization.
The quality of risk-metadata (from TRM Labs) dramatically influences downstream visualization; investment in data cleanliness matters.
Visualisation usability matters: interactive graphs must balance detail with simplicity—too many nodes/edges degrade clarity.
Error-handling and fallback modes (mock data) are important when working with external APIs.
Non-technical stakeholders benefit from interactive outputs and concise, agent-generated summaries rather than raw data dumps.
The combination of AI agents + domain-specific APIs (blockchain risk, sanctions) opens new workflows in financial-crime analytics.
We confirmed industry trends: crypto illicit volume remains a small fraction (~0.4 %) of total volume, but the absolute size and risk exposure are significant.
What's next for Blockchain Risk Scoring Analyst Agent
Expand network graph depth, support cross-chain tracing (multiple blockchains) beyond one chain.
Add richer risk-scoring features: integrate other providers (besides TRM), incorporate behavioural heuristics (e.g., transaction timing patterns).
Improve user interface: allow filtering, time-based playback of transaction flows, “heat-map” overlays of high-risk clusters.
Add dashboard/interactive filtering for non-technical analysts (e.g., “show me all red-risk nodes > $100K”).
Embed automated report generation (PDF/PowerPoint) summarising key findings from the agent.
Introduce semi-supervised learning: capture analyst feedback on visualisations to refine agent risk interpretation.
Integrate alerting/monitoring: automatically monitor flagged addresses over time and trigger refresh-visualisations when risk changes.
Consider deployment as a service/portal so analysts outside the project can upload incident data, receive visualisation outputs and risk summaries.
Enhance documentation and modular tool architecture so other researchers or firms can plug-in their own tools or APIs.