Related txs can be found at address bitcoincash:prjjuwfpym5macvx90rxnnkfw5v8asgvxgytk8pf0t.
By decoding the old unlock script, it's easy to get the SHA256s of subscriber emails who have solved Puzzle#1. Then cracker can calculate the P2SH address of each subscriber's fund.
SHA256(subscriber email who have solved Puzzle#1) have been leaked in Puzzle#1 related transactions' unlocking scripts.
And finally steal the funds haven't been claimed with the help of oracle.
