Hi,
I think this article from the Let's Encrypt blog post will explain why Let's Encrypt doesn't take action against domains involved in phishing or abuse.
TL;DR: There are better channels to report problematic domains to, including Google Safe Browsing, and Microsoft SmartScreen. They do a much better job getting warnings out than a certificate authority could. At on point, Let's Encrypt even checked domains against Google's API. This is no longer the case (explained in this forum post.)