Possible intrusion to my OMV at home?

A very high latency connection, or a connection with very high packet loss could explain what you saw, especially on a ssh session.

Typically every character typed into the terminal is echoed back to the sender one at a time, but not until they first arrive at the destination. And you can't type the next character until the last one you typed is echoed back to you and displayed. This has the effect of seemingly multiplying the latency.

Some ssh clients such as SecureCRT have a feature that allows commands to be fully typed into a chat style box. Once the command is complete, hitting the Enter key sends the entire command string all at once rather than once character at a time.

The problem with trying to determine if a server has been hacked is that if someone really knows what they are doing they will be largely able to erase their footprints on their way out.

The usual advice is that unless you are completely sure your server has not been compromised (you have verified that every file on the machine has not been replaced with a non-original compromised copy) you should format the drive and reinstall the OS. And in case you are wondering, I agree this advice is not very helpful. But it is absolute.

Unexplained network traffic is one symptom of a compromised machine, as the real value of a hacked machine is one that is remotely accessible without being easily noticed. Large amounts of available storage, and high available bandwidth are valuable (to hackers) bonus features.

If you detect hidden directories on your machine that you can't explain, unexplained high disk space loss, or you notice warez or porn files that don't belong to you, be worried. Another thing to look for are processes that use TCP/UDP ports that you didn't setup yourself such as IRC offer bots, additional ssh/sftp/ftp server processes and such running on obscure ports or SSL tunnels.

Entire books have been written about compromised server forensics and some people make a living at this. So it really can't be well covered in a forum like this.

As it has already been said above.

For the future, change your approach to security. Control all traffic that goes to OMV. A firewall with a rystic traffic policy. Let go only what has to be, everything else block. It's also good to control outgoing traffic. In addition, IDS and IPS in the network too. Log network traffic to a separate machine. Always have an up-to-date system and software to avoid more familiar vulnerabilities. Do not run unnecessary utilities if it is not absolutely necessary. Regularly check the correctness of the configuration of the software. Human error is also a frequent cause of vulnerability.
If you have a suspicion that the machine has been penetrated, treat it as a fact, not a guess and hope that it may not. Reinstalling the system. Change of passwords and keys. Exchange of certificates. Treat the machine as dirty and data as potentially stolen or modified.
Implement a sensible backup system.
Think about the data encryption. Encryption of the disk itself in the case of online penetration gives nothing. Think about encrypted data containers that you store on the NAS. The data should always be on the server in encrypted form 24/7 and the decryption should take place directly on the user's machine and not on the NAS.

The subject is very extensive. It's best if you adopt the versions that the machine is dirty, and start all over again taking into account many aspects of security.