Is it possible to get hacked if my bcrypt hash is publically known?
A brief overview of weak hash algorithms vs. bcrypt
With weak password hashing algorithms, what hackers will do is try millions, or billions of different combinations - as fast as their hardware allows for - and many easy passwords will fall quickly to rainbow tables / password crackers / dictionary-based attacks.
Attackers will try to compare a massive quantity of strings to your hash, and the one that validates is very likely your password. Even if it isn't, you can still log in with it because you've found a collision.
However, bcrypt is different. It's computationally slow, so this cracking will be slowed down immensely. Bcrypt can help slow cracking down to the point where you can only do a few tests per second, if that. This is due to the computational cost factor. You should read this answer by Thomas Pornin for a better explanation:
If the iteration count is such that one bcrypt invocation is as expensive as 10 millions of computations of MD5, then brute-forcing the password will be 10 million times more expensive with bcrypt than with MD5.
That's the point of having configurable slowness: you can make the function as slow as you wish. Or, more accurately, as slow as you can tolerate: indeed, a slow function is slow for everybody, attacker and defender alike.
So it really depends on the added computational cost. Some custom hardware solutions are able to crack bcrypt hashes at upwards of 52k hashes per second. With a standard attack, and a poor password, you don't have much hope of holding out for long. Again, this depends on the computational cost: even this custom hardware solution can be forced down to 2-5 hashes per second, or even slower.
Do not re-use passwords if you care about the accounts.
I already found your credentials, and "cracked" your bcrypt hash
But I won't hack you, don't worry. This is just to demonstrate why you should update your credentials, and stop-reusing your password. You wanted an answer, so what better than a live demonstration?
You're from the U.K., correct? Your bcrypt hash is also $2a$10$omP392PbcC8wXs/lSsKZ5Ojv9.wFQ7opUn7u3YUBNu0kkbff0rB.m
, correct? I already "cracked" your password, and I know your accounts. I see you, a thief on the roof. My new satellite link has both infrared and the x-ray spectrum. I see your heart beating; I see you are afraid.
This should go without saying: you should definitely change your passwords. Start changing your credentials now... before it's too late. You should be worried, and you should change your passwords. Now.
Yes, bcrypt can be extremely slow, but...
I actually found a way to completely side-step the brute-forcing process with simple data aggregation and correlation. I wrote a little program that ties a few pieces of information together, and compares them. Not a password cracker or anything like that, but at the end of the day, it got the same job done.
For your privacy - and as per your request - I will not share how I did this on here, but you should know that I am not the only one who can do it. If I can do it, so can others.
However... you need to stop reusing passwords!
You really, really do not want to do this. If one site is compromised, having different passwords on other accounts protects the others from breaches as well.
Update all of your accounts, even ones you haven't used in a while, and stop reusing passwords unless you don't care about them. You may want to consider something like KeePass.
You can't decrypt the hash, because - as you said - hash functions can't be reversed.
You should still change your passwords. Attackers will try to bruteforce the hash, and - if successful - will try the credentials on your email account and possibly further websites.
As you mention "all my passwords" it should also be noted that you should not reuse passwords for anything that is remotely important (and your passwords should also not follow some common structure). For throw-away accounts weak passwords and password reuse may be fine, but for anything else, it is not, exactly because of situations like these: Once one server is breached, attackers will try the credentials on different services as well.