Well, someone accessed it with an unknown IP address. That's something you can be pretty sure of.
I'd geolocate the IP address and check other logs to see what signs they left behind. I'd do my bst to gie a forensic examination before wiping it clean and restoring from clean backups. If no such backups exist, I'd start again - making sure to follow best-practices with regards to security. (Stuff like disabling password login and requiring a key to get into the server.)
Lookup your public IPv4 or IPv6 address and where are you located? Find a geolocation of your IP address including latitude, longitude, city, region and country.
The following article is a guest-written article from Andy Brooks (aka captain-sensible) about SSH keys.
linux-tips.us
A properly secured key is a zillion times better than a password. An improperly secured key is still probably better security than a password. You can mostly deal with brute-force attacks with firejail, but a properly secured key is a zillion times better. It's not even hard to secure it. Keep it where it should be and keep a backup on a thumbdrive that you don't walk around with. Logout of your device when you walk away from it, at least lock the screen.