By giving an application carefully malformed input which is larger than the field it was expecting you can sometimes cause your malformed input to overwrite part of the copy of the application that is sitting in active memory, effectively rewriting some of its code to your own ends. This means that one could, for example, rewrite the code that sends BTC substituting whatever variable holds the recipient's address with a static wallet address, so it would look like you sent person A coins but actually sent them to attacker B.

Buffer overflows are very scary, but they're also pretty hard to pull off in a meaningful way. I don't expect to see many such exploits in the wild any time soon.