Lots of sites do in fact block VPNs successfully. How? Well they could just sign up for NordVPN and see which IPs they use directly. Its not rocket science.
I do have a bit of experience with managing WAFs for large online gaming providers and I can tell you it's not a solved problem. Netflix would also love to hear how I guess.
Even if you somehow manage to enumerate the Nordvpn IPs - a thing of which Nordvpn probably thought in their threat model - then you still have thousands of other providers.
