I wonder how that would expose Wordpress to a lawsuit. Aside from the fact that the software is distributed free of charge with source code and no warranty whatsoever, this was clearly a customized and modified version of Wordpress (I know of know official cryptocurrency exchange plugin) and the software was clearly not being used for its intended purpose (blogging).

If I'm out street racing in a Corvette I modified myself to be faster than stock, I cause an accident and General Motors releases a statement to the effect that their vehicle was never intended to be driven at that speeds.. I fail to see how General Motors would expose itself to a lawsuit in that situation. In that situation, I created the problem myself and it is entirely my responsibility, not theirs. Similarly, in the AllCrypt situation, the site admin clearly created the situation that made his site unsafe and the responsibility is his. If he did not know that Wordpress was never intended as a financial exchange platform and was never secure enough to be used as such, that's his own fault for not knowing how to use Google.