Board Beginners & Help
Re: 2FA HW security keys.
by
Saint-loup
on 03/03/2020, 14:49:28 UTC

Here is a pretty good article explaining the main differences between TOTP and U2F.


Yeah, a pretty clear picture explaining U2F authentication, with relatively small errors which fail to take account of the fact that the public key goes to the server's database the first time the dongle is added to the user's account. Then it is stored in the database forever.

There are also differing views on who generates the "nonce", the server or the U2F dongle, when registering at a service. I have read somewhere that when it comes to Google, it is Google's responsibility to generate that random number (nonce) that triggers the private-public key creation inside the U2F stick. At the same time, some services say that the nonce is generated by the U2F dongle. But I think it doesn't matter and arguably depends on the service.

BTW, Google has the option to add two U2F keys to your account.
Yes, but unfortunately very few exchanges are currently offering U2F authentication :(
I've seen that Binance, Coinbase and Bitfinex are offering it:
https://www.binance.com/en/blog/351376985820852224/You-Can-Now-Use-Hardware-Security-Keys-on-Binance
https://blog.coinbase.com/securing-your-crypto-with-security-keys-and-webauthn-551124b72d8e
https://support.bitfinex.com/hc/en-us/articles/115003616589-Universal-2nd-Factor-U2F-2FA-Setup

But other big ones, like Kraken for example, are only planning to add this protocol:
https://support.kraken.com/hc/en-us/articles/360001363963-Yubikey-and-2FA-device-compatibility
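
The registration and login flow discussed in this post, as an added example that is not part of the original post or of any exchange's code: a simplified U2F-style challenge-response in Node.js. It assumes the server issues the challenge, as the FIDO U2F specification defines, and it omits attestation, key handles and the signature counter; `Server`, `Token`, the user `alice` and the `exchange.example` origins are hypothetical names.

```javascript
// Added illustration: simplified U2F-style challenge-response, not the real wire format.
const nodeCrypto = require('node:crypto');
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

// Server: stores only public keys and issues a fresh random challenge per login.
class Server {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  challenge(user) {
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user); // a challenge is valid for one attempt only
    const pub = this.keys.get(user);
    if (!c || !pub || !signature) return false;
    return nodeCrypto.verify('sha256', Buffer.concat([sha256(this.origin), c]), pub, signature);
  }
}

// Token: creates one key pair per origin; the private key never leaves it.
class Token {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // nothing registered for this origin
    return nodeCrypto.sign('sha256', Buffer.concat([sha256(origin), challenge]), key);
  }
}

function demo() {
  const server = new Server('https://exchange.example'); // constructed origin
  const token = new Token();
  server.register('alice', token.register(server.origin));
  const good = server.verify('alice', token.sign(server.origin, server.challenge('alice')));
  const oldSig = token.sign(server.origin, server.challenge('alice'));
  server.challenge('alice'); // server moves on to a new challenge
  const stale = server.verify('alice', oldSig); // signature covers the old one
  const lookalike = token.sign('https://exchange-login.example', server.challenge('alice'));
  return { good, stale, phishedSigned: lookalike !== null };
}
console.log(demo());
```

The server's database holds only the public key, so a dump of it gives nothing to sign with, and a signature captured for one challenge does not verify against the next.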