I cannot answer, but will suggest that you clone the existing system for future research on it. I am assuming this is an eMMC model and not an SD card model. Cloning does take a lot of disk space, but from the host PC, with the Jetson in recovery mode and the micro-USB cable is connected, this would be one example of cloning an eMMC model:
sudo ./flash.sh -r -k APP -G my_backup.img jetson-nano-devkit-emmc mmcblk0p1
The above would produce a smaller (but still several GB) sparse clone “my_backup.img”, plus a larger “my_backup.img.raw” raw image. It is this raw image which you can loopback mount, examine, and perform research on at any time even if you’ve flashed the Jetson. I tend to throw away the sparse file. Do be warned though that everything you do with a file which might be 16GB or 32GB in size is very slow to do anything with in terms of copying it or moving it. When not in use I run “bzip2 -9 my_backup.img.raw” to reduce its size, but that takes quite some time to complete.
An example of using loopback on such a file from a host PC:
sudo mount -o loop ./my_backup.img.raw /mnt
cd /mnt
ls
cd -
sudo umount /mnt
This should give you a permanent record you can preserve before reinstalling.
FYI, it is possible someone did hack the system, but they would have probably treated it like an RPi. They don’t use CUDA, so if that were the case, then I wouldn’t expect any GPU use. Regardless, I think cryptomining on a Jetson would be more or less futile even when using the GPU…it would just be very very slow.