> The user again proves possession of the authenticator and the device generates a response by signing the challenge with its private key.

This sounds very similar to how hardware wallets work.

I know some wallets support FIDO2, but I wonder if FIDO2 devices like yubikeys could also be used as hardware wallets.

There are probably UX reasons why this isn't a good idea, but I wonder if the math would work.