The actual vulnerability isn't the one stated in the announcement made by Ziber user.

The attacker firstly restarted the Crowdsale by calling the Crowdsale function
https://etherscan.io/tx/0x21d1093cd6014d8ed543c1d8e9f72f904284fb77aaa9296a1f792b745f2785a1
as we see in the Crowdsale function which can be called by anyone the owner becomes the person who is calling the function, pretty simple hack, lol.

function Crowdsale(address _token, uint _start) {
    require(_token != 0);
    require(_start != 0);

    owner = msg.sender;
    token = ZiberToken(_token);
    startsAt = _start;
  }

then just a call to Withdraw function (https://etherscan.io/tx/0xb7f0d837a10028271d7177e86b595b266302f1bc65c9db5cd7a6d48740c2c4de) and there goes 1000 ether