It’s like apples and bowling balls IMO. If the Yubikey directly stored hundreds of thousands of dollars of bearer assets that could be stolen remotely from an attacker anywhere on earth, then it would be a lot more risky. But that’s not typically what the Yubikey is for, unlike a crypto hardware wallet.

Installing a general-purpose hardware or software backdoor on OEM hardware enables general-purpose attacks, and in my view isn't necessarily less lucrative than attacking a cryptocurrency wallet's supply chain specifically.