They’re relying on software compartmentation when they should use a physical Tor proxy. Escaping a virtual machine host is possible, but breaching a hardware gap leaves a much smaller attack surface.
They need to ensure the financials are compartmented so even if the server is located it provides no clues back to the owners.
They should buy some more servers and slowly feed them into the Tor system. They’ll use these as private guard entry nodes to make sure their first hop is safe. Cover them by making them available as private bridges for hard to exit countries.
For best safety they probably want to pull an exit scam after a year. That way, just as the investigation is making progress, they vanish. Leaving less to investigate.
Those are the obvious errors that stand out to me.