>The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out only by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low.<p>While this isn't great advertisement for Yubikey, it doesn't feel like the most practical of exploits. And as it's mostly(only?) used as second factor it's one of many hurdles most things don't warrant.<p>Of course if you're protecting a crazy full crypto account or deploy a massively popular or low-level github library you might want to check out swapping keys.