It's not certain just what happened or who was responsible. We've asked Crunchyroll for details and will let you know if it has more to share. It's evident that the site was deliberately targeted, though, and the perpetrators caught the site off-guard. As Customer Support Lead Nate Ming put it, the hack was the "first thing" some on the team woke up to in the morning. And the timing was definitely less than ideal if you were a viewer -- you may have received a rude surprise if you spend Saturdays catching up on Dragon Ball or Attack on Titan.
Update: Crunchyroll's parent company Ellation has explained what happened. Intruders managed to hijack and control the company's Cloudflare configuration, which normally redirects traffic to Crunchyroll. They steered it to the rogue server hosting the malware. Thankfully, it was an "isolated attack" -- it targeted Cloudflare, but not the actual website. If you have a Crunchyroll account, it's safe and sound.
If you downloaded that executable? You're not necessarily in trouble. You're fine if you didn't run the hostile program. If you did, you can manually remove the rogue files and registry entries. The team hasn't identified a perpetrator, but it's still hours after the attack; more definitive answers will likely take some time.