Currently, the two best-reputed password managers on the market seem to be 1password and Bitwarden. Neither of them, as far as I'm aware, has yet suffered a major breach of user secrets. But, given sufficiently many determined attackers over a sufficiently long time, this state of affairs seems unlikely to last forever.

This market will resolve to whichever of 1password or Bitwarden suffers a security breach, with user secrets leaked to plaintext, first. 'User secrets' here are those stored in the password-manager-vault itself; a breach wherein, for example, customer payment information is exposed, but only that used to pay the 1password or Bitwarden companies and not the rest of that which is locked away in the password manager, won't count for the resolution of this market.

In Bitwarden's case, resolution will be based specifically on a breach of the large bitwarden.com instance or of some comparably-large instance which may exist in the future; a breach of a small self-hosted instance which might be egregiously misconfigured won't qualify. 1password, as far as I'm aware, doesn't support hosting by anyone outside of their own company, but if they add such support in the future then similar considerations will apply there as well.