The browser sends the domain as part of the request to the U2F key; so a MITM would need to be a true network-level MITM and not just a fake website MITM. The user would then have to ignore the cert error as well.
I'm not saying it's not impossible, but it's not the primary attack U2F is designed to prevent.
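The origin binding described in the comment above, as an added example that is not part of the original post: a toy model of why a look-alike site that relays the real challenge and key handle gets nothing usable. Assumptions: the appId is simply the origin, HMAC stands in for the ECDSA P-256 key pair a real U2F key uses, and all class names, function names and origins are constructed for illustration.

```python
import hashlib, hmac, json, os

def sha256(b):
    return hashlib.sha256(b).digest()

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class ToyU2FKey:
    """Toy authenticator; HMAC stands in for the ECDSA P-256 key pair."""
    def __init__(self):
        self._secret = os.urandom(32)

    def register(self, app_param):
        nonce = os.urandom(16)
        cred_key = mac(self._secret, nonce + app_param)
        # Handle = nonce + tag, so it only validates under the same app_param.
        return nonce + mac(cred_key, b"handle"), cred_key

    def sign(self, app_param, key_handle, challenge_param):
        nonce, tag = key_handle[:16], key_handle[16:]
        cred_key = mac(self._secret, nonce + app_param)
        if not hmac.compare_digest(tag, mac(cred_key, b"handle")):
            return None  # handle was issued for a different origin
        return mac(cred_key, app_param + challenge_param)

def browser_sign(key, loaded_origin, challenge, key_handle):
    # The browser, not the page, supplies the origin it actually loaded.
    client_data = json.dumps({"challenge": challenge, "origin": loaded_origin}).encode()
    sig = key.sign(sha256(loaded_origin.encode()), key_handle, sha256(client_data))
    return client_data, sig

def rp_verify(origin, challenge, verify_key, client_data, sig):
    data = json.loads(client_data)
    if sig is None or data["origin"] != origin or data["challenge"] != challenge:
        return False
    expected = mac(verify_key, sha256(origin.encode()) + sha256(client_data))
    return hmac.compare_digest(sig, expected)

def demo():
    real, fake = "https://bank.example", "https://bank-login.example"  # constructed
    key = ToyU2FKey()
    handle, verify_key = key.register(sha256(real.encode()))
    challenge = os.urandom(16).hex()
    results = {}
    for name, loaded in (("real_site", real), ("fake_site", fake)):
        client_data, sig = browser_sign(key, loaded, challenge, handle)
        results[name] = rp_verify(real, challenge, verify_key, client_data, sig)
    return results

if __name__ == "__main__":
    print(demo())
```

The rejection happens twice over: the key refuses a handle presented under the wrong origin, and the relying party rejects client data whose origin field is not its own.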