Traditional blockchain forensic methods rely on static reasoning and struggle to meet the demands of dynamic investigations such as cross-chain tracing. This work proposes LOCARD, the first agent-driven blockchain forensic framework, which formulates forensics as a sequential decision-making process. LOCARD employs a tripartite cognitive architecture to decouple policy planning, operational execution, and verification evaluation, and introduces a structured belief state to embed forensic rigor constraints. Integrating large language model agents, cross-chain transaction modeling, and a Sybil cluster decomposition algorithm, LOCARD demonstrates high-fidelity tracing of money-laundering subflows from the Bybit hack, validated on Thor25—a novel benchmark comprising 151,000 real-world records.

Blockchain forensics inherently involves dynamic and iterative investigations, while many existing approaches primarily model it through static inference pipelines. We propose a paradigm shift towards Agentic Blockchain Forensics (ABF), modeling forensic investigation as a sequential decision-making process. To instantiate this paradigm, we introduce LOCARD, the first agentic framework for blockchain forensics. LOCARD operationalizes this perspective through a Tri-Core Cognitive Architecture that decouples strategic planning, operational execution, and evaluative validation. Unlike generic LLM-based agents, it incorporates a Structured Belief State mechanism to enforce forensic rigor and guide exploration under explicit state constraints. To demonstrate the efficacy of the ABF paradigm, we apply LOCARD to the inherently complex domain of cross-chain transaction tracing. We introduce Thor25, a benchmark dataset comprising over 151k real-world cross-chain forensic records, and evaluate LOCARD on the Group-Transfer Tracing task for dismantling Sybil clusters. Validated against representative laundering sub-flows from the Bybit hack, LOCARD achieves high-fidelity tracing results, providing empirical evidence that modeling blockchain forensics as an autonomous agentic task is both viable and effective. These results establish a concrete foundation for future agentic approaches to large-scale blockchain forensic analysis. Code and dataset are publicly available at https://github.com/xhyumiracle/locard and https://github.com/xhyumiracle/thorchain-crosschain-data.