Also, fun fact: Nelson was our test solver for CTF2. He also ripped through all the levels there in a few hours. But then he got to level8 (PasswordDB, which was source port counting), and was stumped for a few days. He had a lot of hypotheses about the vulnerability, many of which were much cooler than the actual one. Given it had taken him so long, I decided the level was too hard and made it easier by adding some code that would log source ports. (It turned out to still be too hard, so launch day I released a bunch of hints until finally wgrant solved it, at which point I went home and got some sleep.)
On the other hand, we're a security consultancy, so maybe we have lower, more tolerable standards for "up in production" than Stripe does.
Nelson Elhage is a machine; he ripped through 9 levels in under an hour.