Yubico

EUCLEAK and your Yubikey
April 30, 2026 Editorial Yubico Security

In September 2024, security researchers at NinjaLab disclosed EUCLEAK, a side channel attack against the Infineon ECDSA library running on the NXP A700x family of secure elements. That family of chips ships inside Yubico’s Yubikey 5 series, the Yubikey 5 FIPS series, the Security Key Series, and the Google Titan keys. Roughly speaking, every popular FIDO2 token built on that platform is in scope.

If you own a Yubikey, you probably saw the headlines and wondered if you needed to throw your key in the trash. The short answer is no. The longer answer is more interesting, and it is worth understanding so you can make a sensible decision about whether to replace your key.