Printable hiring kit
Receipts first. Access later.
A short desk checklist for HR, security, founders, and vendor managers screening remote technical hires in crypto and Web3.
Before interview
- Verify identity, work authorization, school, and prior employment through independently sourced contacts.
- Require the candidate to explain their work setup, normal work hours, payroll/KYC route, and equipment delivery path.
- Flag reused resume text, repeated portfolios, duplicated profile photos, or shared payout details across applicants.
Before laptop ships
- Ship only to the address reconciled with verified identity records.
- Do not ship to a vendor, friend, hotel, mailbox, or last-minute alternate address without escalation.
- Keep MDM, EDR, logging, remote-access controls, and asset inventory ready before the device leaves.
Before code access
- Grant least privilege. Delay production, wallet, CI/CD, secrets, and signing-key access.
- Block unapproved VPN, proxy, KVM, remote desktop, and remote-control software.
- Watch for repository cloning, unusual off-hours access, and account logins from impossible locations.
Crypto payroll reality
- USDC or crypto payroll is normal in Web3; it is not a fraud signal by itself.
- Treat payment risk as contextual: mismatched KYC, third-party accounts, exchange pressure, tumbling requests, or inconsistent wallet ownership.
- Match payout accounts to the verified worker and preserve payroll/KYC records.
If risk appears
- Pause access expansion and preserve logs, interview records, documents, shipping records, and payout records.
- Ask neutral claim-specific questions. Avoid nationality tests or humiliating prompts.
- Escalate to legal, compliance, security, vendor owners, and relevant reporting channels when evidence supports it.
The canary rule
- One odd detail is a thread. Several independent conflicts are a rope.
- If the story needs a stranger's laptop, a borrowed identity, and a magic VPN, the bird is coughing.
- No witch hunts. Receipts or it stays private.