More seriously, if the software was set up to retransmit bitcoin after a "failed" transfer, then that service could be exploited automatically. Mostly, this wasn't a social attack. The seriousness was that many services were set up to retransmit automatically, and did lose a lot of money automatically.