My first question is... Why 92M?
The hacker didn't play it smart, it makes it just to prove there was a flaw and not with the intention of making money, because another way he could manage a low profile creating coins 1 by 1, that way will be harder for the users to realize there was a bug.
It's an overflow bug. The "hacker" (exploiter is more appropriate) didn't choose 92 millions, it's because 92 millions or more precisely 9223372036854775807 (the biggest value possible of a 64 integer) so the variable that holds the number of coins of the transactions got overflowed into negative 9223372036854775807, satoshi fixed it easily by checking the value is not negative before validating the transaction using this statement
if (txout.nValue < 0)
return error("CTransaction::CheckTransaction() : txout.nValue negative");
look
here for details