Not unless the hacker interacts with NFT website in some way that would leave a trace. If it’s just based on NFT ownership, then no.
No. Pools don’t require KYC to delegate your ADA.
Very low chance. Report to police and local authority, so if they ever catch the hacker you can make a claim for your share.