A cloned physical key is not possible because of the FIDO U2F protocol. Every sign operation increments a counter on the device. Services are expected to keep track of this counter and not accept signatures with an incorrect counter (lower than the last known value).
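A sketch of the service-side counter check described above, as an added example rather than code from the original text or from any FIDO library. It assumes the signature has already been verified, and `CounterStore`, `make_response` and the key handle are hypothetical names with constructed sample data. It also rejects an equal counter, since every sign operation increments it.

```python
import struct

class CounterRegression(Exception):
    """The presented counter is not above the last value seen for this key."""

def parse_auth_response(raw: bytes):
    """Split a U2F authentication response:
    1 user-presence byte, 4-byte big-endian counter, then the signature."""
    if len(raw) < 6:
        raise ValueError("authentication response too short")
    flags, counter = struct.unpack(">BI", raw[:5])
    return bool(flags & 0x01), counter, raw[5:]

class CounterStore:
    """Hypothetical per-key-handle record of the last accepted counter."""
    def __init__(self):
        self._last = {}

    def check_and_update(self, key_handle: bytes, counter: int) -> None:
        last = self._last.get(key_handle)
        if last is not None and counter <= last:
            raise CounterRegression(f"counter {counter} <= stored {last}")
        self._last[key_handle] = counter

def make_response(counter: int) -> bytes:
    """Constructed sample: user-presence bit set, placeholder signature bytes."""
    return b"\x01" + struct.pack(">I", counter) + b"\x30\x00"

def run_demo():
    """Original key signs at 5, 6, 7; a copy taken at counter 5 then presents 6."""
    store, handle, results = CounterStore(), b"constructed-key-handle", []
    events = [("original", 5), ("original", 6), ("original", 7), ("copy", 6)]
    for label, counter in events:
        _, parsed, _ = parse_auth_response(make_response(counter))
        try:
            store.check_and_update(handle, parsed)
            results.append((label, parsed, "accepted"))
        except CounterRegression:
            results.append((label, parsed, "rejected"))
    return results

if __name__ == "__main__":
    for row in run_demo():
        print(row)
```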