In other words, is the ownership of the one who finds the key second (from the transaction) legitimate? My subjective opinion is no. Since this does not meet the main purpose of the puzzle (testing the security of keys) and such a condition for acquiring ownership of the reward is not explicitly stipulated by the creator of the puzzle.
This is a loophole in the puzzle's design, not a flaw in Bitcoin itself. The solver’s failure to protect their claim (e.g., by using tools like Mara or broadcasting with high fees) could be seen as negligence in a competitive environment. This ambiguity is why clear rules (or better puzzle designs) are needed. Without them, the "law of the jungle" (or in this case, the law of the mempool) prevails.
The creator’s statement clarifies:
https://bitcointalk.org/index.php?topic=1306983.msg18765941#msg18765941The puzzle is a measuring instrument for the "cracking strength of the community."
It rewards brute-force tools (like the "Large Bitcoin Collider"), not mempool-sniping bots.
There’s no mention of RBF, transaction racing, or ownership transfer via mempool spies.
This implies the creator intended the reward to go to whoever cryptographically solves the key and not to opportunistic bots that exploit transaction propagation.
The creator could argue:
The bot did not solve the puzzle as intended.
It exploited a loophole (mempool snooping) unrelated to cryptographic security.
This violates the spirit of the experiment (transaction racing).
If the creator’s identity is known, they might try to argue theft under "unauthorized access" laws but this is untested.
Here role of cryptography community inform to minners development authority for apply rbf at user level as previous work, that's only way is user protection