Moral of the story is not to trust your provider. Don't use cloud if you don't need it, don't let your host have your ipmi crdentials, run FDE (this has saved several bitcoin exchanges from losing millions).
. Here's one particularly funny thread from their support forum that perfectly captures exactly how much of a mess this setup was (is? I haven't hacked linode lately): https://forum.linode.com/viewtopic.php?t=3231%3E
Usually a bad sign by itself lol...