The person who submitted the report was looking to be a person who found a critical bug, that's it. It's not about understanding/fixing/helping anything, it's about gaining clout.
Exactly, probably so they can get a job, write a blog post, or sell NordVPN on a podcast showing off how amazing and easy this is.
IMO, this sort of thing is downright malicious. It not only takes up time for the real devs to actually figure out if it's a real bug, but it also makes them cynical about incoming bug reports.
