Regarding the Coinbase attack.

Hiring US support staff instead of offshore support staff only increases the cost of the bribes. If the attackers did indeed take $400M, is it going to move the needle?

Access to that information should be extremely limited and tightly monitored. Support staff shouldn't have access.