Last week, researchers revealed the existence of Meltdown, one of two major security flaws that affects pretty much every modern computer and could allow attackers to gain access everything on those computers, including passwords and other sensitive personal information. After patches to fix this vulnerability were released, rumors circulated that the patches could significantly degrade a computer’s performance.
While this is concerning for anybody, it could be a big problem for the people who use their CPU—a computer’s “brain”—to mine Monero, the only top 20 cryptocurrency by market cap that supports CPU mining, rather than requiring graphics cards or other specialized hardware. It would also be a serious hit to operations that hijack CPU power from tons of people to turn a profit, like the in-browser mining extension Coinhive or the North Korean university students who apparently created Monero mining malware.
To find out if these concerns held any water, I reached out to Coinhive, which completely relies on CPU mining and accounted for roughly five percent of the Monero network’s total mining power in September of last year, to see if the patches had any effect on their swarm mining capacity. As a Coinhive spokesperson told me in an email, as far as they could tell, “Meltdown had no effect on overall mining rates.”
“It is our understanding that the Meltdown patch should not affect mining speeds much or at all,” the Coinhive spokesperson wrote. “The Meltdown patch only slows down system calls, but Monero runs entirely in user space. It doesn’t need to make any system calls.”
As Motherboard editor Michael Byrne explained, the vulnerability is dangerous because it could provide a hacker with access to a system’s kernel. A computer’s kernel is its inner sanctum, responsible for interfacing between the hardware and the user-facing applications. A system call occurs when an application wants to interact with the computer’s hardware, but according to Coinhive its Monero mining technique doesn’t rely on these operations.
Now that Meltdown patches have been pushed out by Linux, Microsoft, Apple and other tech companies, it appears that the rumored CPU performance degradation may have been a bit overstated in general, not just for cryptocurrency mining. A benchmark test by Tom’s Hardware found that the Microsoft patch had “little impact” on performance, a sentiment echoed by Google engineers that found patches had “negligible performance impact.”
Still, at least one Monero miner has claimed a 45 percent decrease in Monero mining capacity after pushing a Meltdown patch. As user “RigacciOrg” described in a Reddit post, their mining performance took a nosedive after they pushed a Linux kernel update that included the Meltdown patch. This may be a wider symptom of the Linux patch, known as KAISER, which seems to affect Linux performance in general, but shouldn’t affect applications running in user space like Monero mining.
In-browser cryptocurrency mining like Coinhive’s service is expected to be a huge trend this year, and it looks like even one of the worst CPU vulnerabilities ever uncovered isn’t likely to stop it.