This isn’t a problem for my specific usecase. Thanks for mentioning this issue.
The use of Onionbalance protects the onion service key by pointing to a different service descriptor (server).
When the attacker hacks the server, it is not the same key as the master key hosted by the Onionbalance instance, correct?
What about using OpenVPN and Wireguard or Lokinet as I mentioned earlier. I have done some speed tests and Lokinet can handle the required load.