[belorn]

Controlling a large fraction of tor nodes is possible, but there is a large cost associated with it. Tor has a reputation system when it comes to nodes, and in order to gain a large fraction of tor nodes you need to continuously have a presence for a long period of time. Having such long term presence also risk gaining visibility and become detected, and require good and consistent secops. As the network expands this also mean the attacker need to expand in equal rate.

It is a assumed vulnerability of the network. The biggest question is if any state actor would consider it economical to do it compared to alternative methods. Personally I suspect that it is actually cheaper to have visibility into the entire internet, since that method bring value beyond tor and you do not need major secops to pull it off.

[generalizations]

Wouldn't the long term cost of doing that be amortized over all the potential targets it would help provide information on? Seems like it would be a valuable capability to maintain in the long term. Hundreds or even thousands of tor nodes would likely be a minor fraction of the budget of whichever state actor cared about doing that.