I don't think it was up to Reddit. Some providers offer no way to do MFA without mandatory SMS involvement in some way -- either primary delivery is by SMS or you can "reset" / get back up codes via SMS.
Because of cases like this, it's also the admin's responsibility to have their wireless provider put a security pin and a Do Not Port order on their account. Sometimes reps will ignore this and port people's accounts anyway, but it's still negligent not take this precaution.
Phone company reps are notorious for ignoring any and all such notes on accounts, we can't know for sure if Reddit had this in place but it probably wouldn't be much of a hurdle
It does sound like they used TOTP when possible but in some instances only SMS was available. My issue is that they seem to act surprised that SMS is so broken. I have trouble believing that any admins of a site that large have missed the various security alerts and news articles about hacked accounts, lost cryptocurrency, etc.
