Board: Hardware
Topic: Re: Avalon Nano 3 [unofficial thread]
by gr3n4d3 on 27/06/2024, 13:49:22 UTC
There is probably a backdoor in the firmware. An attacker can change the custom root password (no, it's not root in my case, it's a complex one) or there is a manufacturer password. Stay behind your firewall and do not open any ports to the outside.
i have two nano 3s. both of them often become inaccessible with the password i set them to. the only way to log in to them when this happens is to reset to the root/root credentials that canaan ships them with, then change the password again. i haven't yet seen the pool address change or anything like that. mine sit behind a regular home router without any port forwarding so i'd be surprised if someone other than canaan is responsible for the password changes. there's no way to reach them from outside of the home router.
if someone is hacking these boxes, then my money is on canaan or one/some of their engineers doing it with dodgy firmware. they're just not reachable from outside of the home network, so the only way to mess with them is from the firmware. since i've never seen a pool address change happen, it looks more like crappy firmware corrupting the root password than an actual hack.
hanlon's razor admonishes: never attribute to malice that which is adequately explained by stupidity. given the incompetence of the canaan team in predicting shipping dates, it's not hard to imagine they have a whole stupid farm also working on their firmware.