I believe this would work, and is one of the weak points of the ecosystem. I wonder what the impact of spinning up 6K relays in AWS across the globe would be like. I would say that spinning up 6K instances would be affordable for even small companies.
You can't just spin up 6k new relays and take over the Tor network without somebody noticing. The network is actively monitored for Sybil attacks, and it takes 2+ weeks before a new node is "trusted" with significant traffic, giving network monitors plenty of time to blacklist you.
What's going to kill Tor is a global passive adversary, meaning someone with perfect visibility of all traffic going in and out of Tor nodes by tapping network infrastructure and correlating at the endpoints. I'm sure the NSA is working on this. They couldn't do it in 2013, but what could they have accomplished in the 6 years since the Snowden leaks?
It's also possible to use machine learning to "fingerprint" encrypted blobs entering guard nodes and correlate them with websites (even onion services!), although it gets less feasible as the set of potential websites increases.
Yes, the cost wouldn't be prohibitive. It is not hard to see how it could be profitable for a small security company to do this and sell the information on.