At least in theory, it's actually relatively simple to mount a phishing site against 2FA. Imagine you browse to a phishing site (phishing.com) that looks like the Google login page. It asks you for email, and then password. The phising site then tries to log in as you into the real Google, but receives an error of 2FA required. It then prompts you for the 2FA token, and you enter the token. The phishing site can forward the token to Google and complete the login.

In practice, there are a lot of details that make such a phishing site pretty hard to build against Google itself, but you get the idea.

The point of security keys and U2F is that they sign a one-time code AND the domain of the site that you're visiting. So, even if the phishing site forwards this signature to Goolge, the signature will be invalid (in contains phishing.com instead of google.com). Does this makes sense?