Skip to main content

Tracing MCP - What You Can Do With It

These are the patterns we see most often when teams plug the Bitquery MCP server into Claude, Cursor, ChatGPT, or Claude Code. You don't write SQL - you ask in plain English, the agent does the rest. Each pattern below shows the kind of question that works and what comes back.

For end-to-end worked answers - including live transaction data and fund flow analysis - see the examples section.


1. AML/KYC Risk Scoring

"Score wallet 0x742d35Cc6634C0532925a3b844Bc9e7595f42cfe for AML risk. Check wallet age, transaction frequency, mixing signals, and any compliance flags."

Score an incoming deposit or withdrawal using wallet age, transaction patterns, mixing signals, and known-entity labels. The agent returns a risk score (0-100) and flags suspicious patterns automatically.

See it live: AML Risk Scoring Example.

2. Payment Tracing (Source to Destination)

"Trace $500K USDT from Binance hot wallet 0x1234... to wallet 0x5678.... Show every hop, intermediate wallets, timing, and the final destination."

Trace the full path of a single payment from source to final destination across one or more hops. The agent maps every intermediate wallet, any DEX swaps or bridge activity, and identifies if funds reached a CEX or high-risk address.

See it live: Trace a Single Payment.

3. Phishing and Fraud Investigation

"A user was phished on March 15 and 2 ETH were stolen from wallet 0xvictim. The attacker transferred to 0xattacker. Trace where that 2 ETH went. Show all hops, DEX swaps, bridges, and final deposits."

Map the spread of stolen funds from a phishing attack or scam across wallets, DEXs, and chains. Identify if funds were consolidated, swapped, or deposited to an exchange, and cluster related attacker wallets.

See it live: Investigate a Phishing Wallet.

4. Wallet Clustering for Compliance

"Wallet 0x123... received funds from multiple sources. Identify all wallets that have sent to or received from this address, and cluster them by likely control."

Identify related wallets using common-input-output heuristics, behavioral patterns, and timing analysis. The agent clusters wallets likely controlled by the same entity - useful for detecting account farming and money laundering rings.

See it live: CEX Deposit Cluster Analysis.

5. Stablecoin Movement Monitoring

"Show me all USDT movements from Tron to Ethereum in the last 24 hours. Flag transactions over $5M, any bridge activity, and final destinations."

Real-time or historical tracking of USDC, USDT, BUSD, and other stablecoins across chains and wallets. Useful for treasury monitoring, flow analysis, and detecting unusual liquidity movement patterns.

See it live: Track Stablecoin Movement.

6. Money Laundering Pattern Detection

"Analyze wallet 0x... for layering patterns. Check for rapid mixing, frequent DEX swaps, cross-chain bridging, and rapid consolidation. Score likelihood of layering."

Identify common money laundering stages (placement, layering, integration) in fund flow patterns. The agent scores layering likelihood based on rapid mixing, frequent swaps, bridge activity, and consolidation velocity.

See it live: Identify Layering Patterns.

7. Cross-Chain Bridge Activity

"Trace 1000 USDC from Ethereum through any bridge to Solana, then back to Ethereum. Show all bridges used, timing, and final destination."

Track when and where assets move across chain bridges (Wormhole, Stargate, LayerZero, etc.). Identify bridge concentration risk and detect round-tripping patterns that may indicate arbitrage or evasion.

See it live: Multi-Chain Fund Flow.

8. CEX Deposit Clustering

"Four wallets all deposited to Binance hot wallet within the same hour. Are these wallets related? Analyze creation dates, sources, and transaction patterns."

Identify related wallets by finding addresses that all deposit to the same exchange hot wallets. The agent analyzes wallet age, common sources, interaction history, and synchronized deposits to score likelihood of same controller.

See it live: CEX Deposit Cluster Analysis.

9. Sanctions and OFAC Compliance

"Screen wallet 0x... against OFAC SDN list, FATF guidance, and known DeFi hack wallets. Flag any matches, sanctioned entity references, or high-risk signals."

Screen wallets and transactions against sanctions lists and known-risk entity databases. The agent flags direct matches, cluster associations, and previous sanctions history.

10. Regulatory Reporting and Forensic Documentation

"Generate a forensic report on wallet 0x... for SAR filing. Include creation date, transaction history, entity labels, risk flags, timeline of suspicious activity, and chain of custody."

Generate comprehensive forensic reports with transaction chains, entity identification, and risk scoring for regulatory submission. Export with clickable block explorer links, exact timestamps, and audit trails.

11. Recovery and Law Enforcement Support

"Law enforcement is investigating theft of 100 USDC on Solana reported on March 10. Trace all movements, identify exchanges involved, cluster related wallets, and flag final destinations."

Support law enforcement and recovery efforts by identifying where stolen or fraudulent assets ended up and who may control them. The agent preserves chain of custody for legal proceedings and coordinates with exchanges for account freeze requests.


Best Practices for Prompting

You don't need to know SQL or the schema - but a few prompt habits make the agent's answers dramatically better.

1. Be explicit about the time window

The tracing dataset is comprehensive. Always tell the agent the window you care about: "in the last 24 hours", "yesterday vs the day before", "since March 1". Without it, the agent may scan unnecessary data.

2. Name the chain (or "all chains")

Bitcoin, Ethereum, Solana, Tron, BSC, Base, Arbitrum, Optimism, Polygon, and 30+ more are all in the dataset. "on Ethereum" or "across all chains" keeps the agent's filter clean.

3. Include exact amounts and tokens

Specify the token and amount: "$500K USDT", "2 ETH", "1000 USDC". This helps disambiguate on shared addresses and tracks value precisely.

4. Ask for entity identification

Request the agent identify counterparties: "is this wallet an exchange, bridge, or risk entity?", "compare against OFAC lists". The agent will enrich wallets with known-entity labels automatically.

5. Request risk scoring

For compliance work, ask for scoring: "score for AML risk", "flag suspicious patterns", "highlight probable entity matches". The agent applies behavioral analysis automatically.

6. Include investigation context

Provide background: "this is a phishing investigation", "we're preparing a SAR filing", "law enforcement requested this". Context helps the agent prioritize relevant data.

7. Ask for the data shape you want

"Give me a markdown table I can paste", "return JSON for my script", "format for a regulatory report" - the agent will adapt. For forensic output: "include block explorer links, exact timestamps, and transaction hashes".

8. Trust the read-only sandbox

The MCP only allows reads. The agent cannot delete, insert, drop, or modify anything - even if you ask it to. Explore freely.


When MCP, When GraphQL, When Kafka?

NeedBest fit
Conversational forensic analysis, ad-hoc investigations, agent loopsMCP (this server)
Compliance backend, subscription monitoring, mempool dataGraphQL API and WebSocket subscriptions
Lowest-latency, highest-throughput streaming for real-time investigationsKafka streams and gRPC streams
Transaction forensics, entity matching, AML risk scoring APIsCoinpath API (GraphQL-based)

The MCP and the GraphQL API read the same dataset, so anything you discover via MCP is reproducible in GraphQL or your production compliance stream.