
>However, phone hashes are sent, not clear ones.

Lol! Phone numbers have less than 40 bits of entropy; it's trivial to break those hashes.



Salt them.


How would that work in this setup?


If Facebook were required to hash and salt phone numbers, then the correct 2FA value might still work (it would match the salt and hash), but an arbitrary list of submitted values would be expensive to match to the hashed set.

Facebook would be unable to contact the user via SMS, they would have to issue a token via WWW or app and have the user text that to a specific address from the corresponding phone number to achieve phone-based 2FA. This might even be a third-party service to deny FB any direct access to the phone number.

The verification channel might become a phishing target via spoofed FB pages or apps, though that would be moderately expensive and of limited use. An attacker might request FB login credentials (the actual verification would not), might acquire a phone number (generally, though not always, a non-critical datapoint), and would still be denied account access via 2FA without further compromises, say, social-engineering the phone account (a proven risk, though expensive at scale).

Tildes.net uses a similar mechanism for recovery email addresses.
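The two points made above, that a phone number has well under 40 bits of entropy so an unsalted hash of it is reversible by enumeration, and that a per-record salt keeps the legitimate 2FA check working while making a bulk match of submitted numbers against the stored set expensive, as an added example that is not part of the thread. Every phone number and the "+1555010" exchange prefix are constructed values, and the keyspace is deliberately shrunk to four trailing digits so the demonstration runs in a second; the cost argument carries over unchanged to the full ten-digit space.

```python
"""Hashed phone numbers: why an unsalted hash hides nothing, and what a
per-record salt changes.  Added example with constructed numbers only."""
import hashlib
import hmac
import math
import secrets

# Constructed keyspace: one exchange, +1-555-010x-xxxx style, so the demo
# enumerates 10_000 candidates instead of the full 10-digit NANP space.
PREFIX = "+1555010"
SUFFIX_DIGITS = 4


def entropy_bits(n_candidates: int) -> float:
    """Upper bound on the entropy of a value drawn from a space of this size.
    The full 10-digit space is 10**10 values, about 33.2 bits."""
    return math.log2(n_candidates)


def candidates(prefix: str = PREFIX, suffix_digits: int = SUFFIX_DIGITS):
    """Enumerate every number in the constructed keyspace."""
    for n in range(10 ** suffix_digits):
        yield f"{prefix}{n:0{suffix_digits}d}"


def unsalted_hash(number: str) -> str:
    return hashlib.sha256(number.encode()).hexdigest()


def salted_hash(number: str, salt: bytes) -> str:
    return hashlib.sha256(salt + number.encode()).hexdigest()


def build_lookup_table(prefix: str = PREFIX, suffix_digits: int = SUFFIX_DIGITS) -> dict:
    """One pass over the keyspace inverts every unsalted hash at once; the
    table is built once and reused against any number of stored records."""
    return {unsalted_hash(n): n for n in candidates(prefix, suffix_digits)}


def recover_unsalted(digest: str, table: dict):
    """Constant-time lookup: the stored digest maps straight back to the number."""
    return table.get(digest)


def salted_record(number: str) -> tuple:
    """What the server stores: (random salt, digest). Both are needed to
    check a 2FA submission, and the salt is different for every record."""
    salt = secrets.token_bytes(16)
    return salt, salted_hash(number, salt)


def verify_salted(submitted: str, record: tuple) -> bool:
    """The legitimate 2FA path: the server knows the salt, so the correct
    number still matches.  compare_digest avoids a timing side channel."""
    salt, digest = record
    return hmac.compare_digest(salted_hash(submitted, salt), digest)


def bulk_match_unsalted(stored_digests, prefix: str = PREFIX,
                        suffix_digits: int = SUFFIX_DIGITS) -> tuple:
    """Cost of matching a stored unsalted set against the keyspace: one table
    serves every record.  Returns (recovered numbers, hash operations)."""
    table = build_lookup_table(prefix, suffix_digits)
    recovered = [table[d] for d in stored_digests if d in table]
    return recovered, 10 ** suffix_digits


def bulk_match_salted(records, prefix: str = PREFIX,
                      suffix_digits: int = SUFFIX_DIGITS) -> tuple:
    """With per-record salts the table cannot be reused: each record forces a
    fresh pass over the keyspace, so cost scales as records x keyspace."""
    recovered, ops = [], 0
    for salt, digest in records:
        for n in candidates(prefix, suffix_digits):
            ops += 1
            if salted_hash(n, salt) == digest:
                recovered.append(n)
                break
    return recovered, ops


if __name__ == "__main__":
    # Constructed numbers, not real subscribers.
    numbers = ["+15550104242", "+15550107311", "+15550109001"]
    print(f"full 10-digit space: {entropy_bits(10**10):.1f} bits")
    found, ops = bulk_match_unsalted([unsalted_hash(n) for n in numbers])
    print(f"unsalted: recovered {len(found)}/{len(numbers)} with {ops} hashes")
    records = [salted_record(n) for n in numbers]
    print("2FA check still passes:", all(verify_salted(n, r) for n, r in zip(numbers, records)))
    found, ops = bulk_match_salted(records)
    print(f"salted: recovered {len(found)}/{len(numbers)} with {ops} hashes")
```

Run it and the asymmetry is visible: the unsalted set costs one keyspace pass however many records are stored, while the salted set costs roughly one pass per record, which is the "expensive to match" property the comment above relies on. Salting does not add entropy to the number itself, so a single targeted record remains enumerable; a server-side secret key (HMAC instead of a public salt) is what removes that residual exposure, at the price of having to protect the key.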
