There's no doubt that, aside from the criminals, LastPass is the one to blame for this mess - their breach notifications heavily downplayed the danger of stolen vaults.
Still I wonder why so many "security minded people" did not do a pre-emptive changing of passwords and moving of funds when the breach(es) were made public.