Regarding the Coinbase attack.
Hiring US support staff instead of offshore support staff only increases the cost of the bribes. If the attackers did indeed take $400M, is it going to move the needle?
Access to that information should be extremely limited and tightly monitored. Support staff shouldn't have access.