Argos is developed by Functori as part of a BPI-funded innovation project and contributes to CryptoACTION, a Horizon Europe programme aimed at fighting crypto-enabled financial crime across Europe.
The Ethereum ecosystem processes billions of dollars daily. With that scale come serious challenges: sandwich attacks, MEV arbitrage, laundering through mixers, and forgotten token approvals that leave users exposed. Compliance teams, forensic analysts, and developers need tools that can rapidly cross-reference multiple data sources to identify risk.
This is the problem Argos was built to solve — a blockchain intelligence platform that aggregates, enriches, and visualizes on-chain data, turning noise into actionable signal.
MCP Integration: Connecting Argos to AI Agents
Argos will soon expose a Model Context Protocol (MCP) server, enabling AI agents and LLM-based tools to query the platform programmatically in natural language. Through this interface, compliance analysts and investigators will be able to leverage conversational AI assistants to interact with Argos without leaving their existing workflow. For example, an agent could:
- Look up an address with its risk scores, behavioral tags, and multi-source profile
- Analyze a transaction with its MEV classification and decoded events
- Trace fund flows backward from a transaction and surface flagged addresses
- Screen addresses against OFAC/SDN sanctions lists in real time
The MCP server follows the open Model Context Protocol specification, making it compatible with any MCP-enabled client. A closed beta will open soon for law enforcement agencies and partners involved in our research projects. If you're interested, reach out to join the early access list.
In an upcoming article, we will walk through a potential money laundering case investigated end to end using Argos and its MCP integration. Stay tuned.
Multi-Source Address Analysis
Analyzing an Ethereum address goes far beyond checking a balance. Argos simultaneously queries multiple sources — our own analysis backend, Blockscout, Etherscan, Sourcify, and Ethplorer — to build a comprehensive profile in seconds.
Enriched address profile: each badge color identifies the source (pink = Argos, blue = Etherscan, green = Sourcify, black = Blockscout).
Each source contributes distinct intelligence:
- Argos (pink tags): behavioral classification, MEV bot detection, risk scoring
- Blockscout (black tags): public names, ENS resolution, community tags
- Etherscan (blue tags): contract verification, proxy detection
- Sourcify (green tags): decentralized source code verification
Tags are deduplicated and color-coded by source, so analysts immediately know where each piece of information comes from. The architecture is non-blocking: if one source is slow or unavailable, the others display without waiting.
Beyond tags, Argos surfaces risk metrics — inbound and outbound risk scores, first transaction received, initial funding source, last activity — enabling rapid assessment of an address profile.
MEV Detection: Sandwiches, Arbitrage, Flash Loans
MEV (Maximal Extractable Value) attacks represent a systemic risk on Ethereum. Our analysis backend, written in OCaml, automatically detects MEV patterns in every block:
- Sandwiches: identification of the front-runner, back-runner, and victim, with extracted profit calculation
- Arbitrage: token circuit tracking across DEXes
- Flash loans: borrow → callback → repay pattern detection
- Liquidations: collateral liquidation event identification on lending protocols
Sandwich victim transaction: Argos identifies the front-runner, back-runner, and calculates the extracted profit.
Every transaction is classified through a three-tier pipeline: first our backend analysis (the most accurate, based on full event decoding), then a classification via decoded function calls, and finally a fast method-name heuristic. The result is visible everywhere — in the block explorer, on the transaction page, and on investigation graph edges.
Interactive Investigation Graph
Blockchain investigation requires navigating between addresses and transactions, following fund flows, and annotating findings. The Argos Investigation module provides an interactive graph powered by Cytoscape.js, designed for forensic work.
Investigation graph: nodes are colored by type (purple = contract, green = DeFi, red = suspect) and edges by transaction category.
The analyst starts from an address or transaction, then expands the graph in four directions: incoming past, incoming future, outgoing past, outgoing future — all relative to a reference timestamp. This temporal navigation allows precise tracking of fund origins or destinations.
Each node displays its type (EOA, contract, exchange, mixer, bridge) with a dedicated color code. Edges carry the transaction tag (swap, transfer, sandwich, arbitrage) detected automatically. A click opens a sidebar with paginated transaction history, OSINT tags, and external explorer links.
Investigations are persisted locally with node positions, allowing analysts to resume complex analyses exactly where they left off. JSON and PNG export makes sharing with a team or regulator straightforward.
Fund Flow Tracing for Compliance
For AML compliance use cases, the tracing module goes further than manual investigation. Starting from a given transaction, it automatically reconstructs the fund flow tree, tracing backwards up to N levels deep.
Tracing module: bipartite graph (transactions + addresses) with automatic detection of sanctioned addresses and mixers.
The resulting graph is bipartite — nodes alternate between transactions and addresses — making fund flows readable even across complex chains. Parameters are configurable:
- Depth (1 to 10 levels): how many hops backward
- Max predecessors (1 to 500): how many addresses to trace per level
- Precision (low / medium / high): speed vs. completeness trade-off
Flagged addresses — blacklisted, mixers, sanctioned entities — are detected and highlighted automatically. The analyst gets a report with unique address count, actual depth reached, and the list of at-risk addresses identified in the tree.
OFAC Screening and Risk Scoring
Argos integrates OFAC/SDN sanctions lists and cross-references them with analyzed addresses. When a sanctioned address is detected, it receives a distinctive badge (red border + shield icon) and its risk scores are automatically set to zero — signaling maximum risk.
This screening applies across every layer of the platform: address page, investigation graph, tracing module. A sanctioned address encountered at any level of the tracing tree immediately surfaces in the report.
Token Approval Monitoring
Forgotten ERC-20 approvals are an underestimated attack vector. Argos displays all active approvals for an address — as owner (tokens approved) and as spender (tokens accessible) — with progressive loading for addresses with hundreds of approvals.
ERC-20 approval monitoring: unlimited approvals are flagged, revocations are filterable.
Unlimited approvals (amount >= 2^200) are explicitly flagged. The "Hide Revoked" filter lets analysts focus on still-active approvals, and the search covers spender address, token, and amount.
Clustering and Deposit Detection
Our clustering microservice identifies exchange deposit addresses (score >= 0.95) and groups related addresses through behavioral analysis. This information appears directly in the address profile, allowing analysts to distinguish a personal wallet from an institutional deposit address.
Linked addresses displayed as a list and as a graph, with node types (current address, wallet, deposit) identified by color.
Step-by-Step EVM Debugging
For developers and smart contract auditors, Argos embeds a full EVM debugger — Apollo — that replays any transaction opcode by opcode.
Apollo: step-by-step EVM debugging with stack, memory, storage inspection and conditional breakpoints.
The debugger provides views into the stack, memory, storage (persistent and transient), internal transactions, and call context. Conditional breakpoints, instruction filters, and forward/backward navigation make it a first-class tool for understanding complex contract interactions.
Additionally, the TxRay integration provides an alternative execution trace visualization, directly within the Argos interface.
Enriched Block Explorer
The Argos block explorer goes beyond a standard transaction list. Each block displays a transfer graph (ETH and token flows between addresses), gas statistics by opcode category, and event type distribution.
Transactions within a block are annotated with their MEV tags: sandwich pairs are visually linked, arbitrage and flash loans are labeled. It serves as a real-time monitoring tool for detecting MEV activity block by block.
Each transaction is annotated with event badges and MEV tags (arbitrage, swap, withdrawal), gas usage and status visible at a glance.
Multi-Chain Portfolio
For a consolidated view, the Portfolio module aggregates native balances, ERC-20 tokens, and NFTs for an address across multiple chains (Ethereum, Polygon, Arbitrum, Optimism, Base). The "Hide zero balances" filter hides inactive chains while keeping selectors accessible, and dust balances (< 0.000001) display in scientific notation rather than misleading zeros.
Consolidated native balances across 7 chains, with per-chain nonce, contract type, and zero-balance filtering.
Argos is a living tool, constantly evolving. We are currently working on multi-chain tracing extension, improved clustering algorithms, and integration of new data sources to strengthen OSINT coverage. If you are a compliance team, forensic analyst, or developer looking to understand what is truly happening on-chain, visit
argosint.com or
reach out for a demonstration.