I imagine that when you have taps at all the colocation centers (which each node would need to go through - and even a surprising number of hops overseas go through the US due to the cheaper price of bandwidth) you may not need to control the endpoints to break anonymity, with enough statistical analysis of the packets entering and exiting the known tor nodes. Tor doesn't work against attackers who can monitor the whole network, and the developers say so up front.