
Yes, but the article made it seem like they had RCE to his home PC. With that they installed the keylogger to retrieve the master key which they then used to decrypt the offline vault.


I think the point is that all of the users of LastPass had their passwords put at risk through this one breach. Using LastPass means that a single, high-value target is now an attack vector that can affect you. If you keep it offline yourself, you're not likely to be a high-value target, and you won't have to worry about the 3rd party with your passwords being compromised.



