There are lots of smart kids who don't particularly need reasons for causing mayhem. Suppose it was somebody profit-motivated though. They might be:

1. Distracting from a more important vulnerability

2. Later contacting customers, advising them of the "accidental" refund and redirecting them to a more appropriate payment mechanism (one without the KYC Stripe does, were they to try to steal funds directly)

3. Testing stolen credit cards before using them elsewhere

Etc. Scamming people is a big industry, and not all of the plots are immediately obvious.