It's obfuscated code. Someone has gained access to the server, and has inserted some code into the top, which they have encoded as unicode strings and PHP tricks etc.
As to what to do, you need to secure whatever hole the attacker got in through, change all passwords etc, and then you can take one of two approaches:
Carefully remove any and all malicious code from your theme, and Wordpress install as a whole - This is a difficult approach, because it requires you to spot every last bit of the code, and remove it safely without breaking your install. It needs significant experience and technical skill.
Rebuild from scratch. This is usually a good approach with Wordpress because themes should be backed up from original development, and a fresh install is easy enough to install and import data into, and then you just have to be careful about the data you import.
The main point though, is that someone got in to your site somehow, and it could be through a load of different attack vectors. At the least you should:
- Change all passwords for accounts
- Review logs of SSH, FTP and all other services that allow a log in to your system, looking for suspicious activity that may lead you to how the attacker got in
- Review configuration for all Daemons and servers, and make sure all is up to date, including the distro itself
- Consider extra security precautions like 2 factor authentication, changing default ports, using software firewalls, and things like DenyHosts.
Once that's all done, keep a close eye on the system, and backup regularly, but don't delete old backups for some time (nothing worse than backing up carefully, getting hacked and discovering that your only remaining backups are also comprimised).
Attackers will often target systems they have got into before, so monitoring is a key aspect of your strategy from now on.