Not necessarily. If a consumer's device is bricked within the (usually 1-year) warranty period, then they're able to send it back to the manufacturer for a replacement, which pushes the cost right back to the manufacturer.
Also, if the device is bricked very quickly after buying it and installing it, the consumer will very likely simply return it to the retailer as defective, which again pushes costs back to the manufacturer.
I think that's actually the only solution to the IoT security problem: more people regularly scanning for and bricking these devices, until the return rates make it unprofitable to sell broken devices in the first place
In that case, I think for the vigilantes it's absolutely critical that they figure out how to brick these devices as quickly as possible when they come on the market, because if they're targeting devices that are a couple years old now, that means many consumers will be past their warranty period and may not be able to return them.
I was on the fence about this vigilante bricking until reading your comment. Pushing the cost back to the manufacturer in this case should make considerable difference since these are low-cost devices and therefore the cost to the manufacturer of each return will probably cancel the profit of the last ten sold. Those proportions will become hard to ignore.
Also, if the device is bricked very quickly after buying it and installing it, the consumer will very likely simply return it to the retailer as defective, which again pushes costs back to the manufacturer.