There is probably a backdoor in the firmware. An attacker can change the custom root password (no, it's not root in my case, it's a complex one) or there is a manufacturer password. Stay behind your firewall and do not open any ports to the outside.
i have two nano 3s. both of them often become inaccessible with the password i set them to. the only way to log in to them, when this happens is to reset to the root/root credentials that canaan ships them with, then change the password again. i haven't yet seen the pool address change or anything like that. mine sit behind a regular home router without any port forwarding so i'd be surprised if someone other than canaan is responsible for the password changes. there's no way to reach them from outside of the home router.
if someone is hacking these boxes, then my money is on canaan or one/some of their engineers doing it with dodgy firmware. they're just not reachable from outside of the home network, so the only way to mess with them is from the firmware. since i've never seen a pool address change happen, it looks more like crappy firmware corrupting the root password than an actual hack.
hanlon's razor admonishes: never attribute to malice that which is adequately explained by stupidity. given the incompetence of the canaan team in predicting shipping dates, it's not hard to imagine they have a whole stupid farm also working on their firmware.
If I were the administrator of this group I would have already banned you for the nonsense you are saying about Canaan. if you think you can do better there are many open sources that you can improve on and where you could make your contribution. as for Canaan's shipments, we just have to compliment them on the excellent logistical work they are doing with thousands of orders in a short time!