Thanks, tacotime, smooth, fluffypony for keeping us update in realtime. This is precisely the emergency response I was hoping for.
Two questions:
1) Can you already rule out that the same (or similar) attack can be mounted again?
2) Can you already rule out conclusively that no lasting damage was done (as in: according to the pre-attack ownership situation)? Any chance that some subtle damage was done that'll be discovered only later?
1) yes, it's an overflow bug in C.
2) yes, once the nodes all update no more corrupted blocks should be generated. the corrupted block now needs to be hardcoded into the software.