It could be just a trojan which sent key-file with its pass and all other passes from the web-money keeper... I don't really imagine how could it steal such strong protected passwords from the keeper. By the way, all passwords are kept in md5 there, aren't they?