It is good practice to treat challenges older than X minutes as expired.
U2F devices send an incrementing counter to the server upon authentication. The U2F library uses this counter to prevent the use of cloned devices. For this protection to work, you have to persist the device info after each authentication. However, all U2F-compatible devices by Yubico use tamper-resistant Secure Elements designed to be impossible to clone.
If the counter ever decrements, the device has been cloned. The best way to handle this depends on the application. You might want to alert the user or lock their account.
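The following sketch is an added example, not code from the U2F library or from this page. It shows server-side bookkeeping for both checks described above: single-use challenges that expire, and a persisted per-device counter that must keep moving forward. The `AuthState` class, its method names, the in-memory dictionaries and the five-minute limit are assumptions made for illustration.

```python
import secrets
import time

CHALLENGE_MAX_AGE_SECONDS = 5 * 60  # assumption: the page leaves "X minutes" open


class ChallengeExpired(Exception):
    """The challenge is unknown, already used, or too old."""


class CounterRegression(Exception):
    """The reported counter did not move past the stored value."""


class AuthState:
    """Hypothetical in-memory store; a real service persists both maps."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._challenges = {}  # challenge -> time it was issued
        self._counters = {}    # key handle -> last accepted counter

    def register(self, key_handle, counter=-1):
        # -1 means no authentication has been seen for this device yet.
        self._counters[key_handle] = counter

    def issue_challenge(self):
        challenge = secrets.token_urlsafe(32)
        self._challenges[challenge] = self._clock()
        return challenge

    def finish(self, challenge, key_handle, reported_counter):
        """Call only after the U2F library has verified the signature."""
        issued = self._challenges.pop(challenge, None)  # single use
        if issued is None or self._clock() - issued > CHALLENGE_MAX_AGE_SECONDS:
            raise ChallengeExpired("challenge unknown, reused or too old")
        stored = self._counters[key_handle]
        # Stricter than a pure decrement check: an unchanged counter is
        # rejected too (a choice made for this example).
        if reported_counter <= stored:
            raise CounterRegression(
                f"{key_handle}: reported {reported_counter}, stored {stored}")
        # Persist the new value after every successful authentication.
        self._counters[key_handle] = reported_counter
        return reported_counter
```

A caller would catch `CounterRegression` and apply whatever policy suits the application, such as alerting the user or locking the account.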