Hashed phone numbers are unfortunately not a panacea, because they are easily reversible. You won't even have to go through every possible phone number and hash it, because you can first get the numbers of all the people who signed up for the service in a particular country. The study you are referring to claims the researchers identified the phone number of every Signal user in the US last September. So all you need to do is just hash the results and you have a pretty good database to look up every hashed phone number you intercept to "unhash" it.
The Signal team tried to fix the above by using a proprietary feature of Intel chips called SGX, but it turned out that these chips have been backdoored and hacked several times, last timeinJune. Since then, people have been pointing out that hashing contact numbers with SGX the Signal way is far from bullet-proof and creates an illusion of safety without actually delivering it.
Since Signal hosts the user private data at Amazon, which is known to cooperate with goverments, the contact lists of Signal users are far from invulnerable.