The Mirai botnet that took advantage of unprotected IoT devices did so for internet connected hardware such as video cameras and DVRs. It used these to send large amount of ping requests to the Dyn DNS server.
Dots are not Internet-enabled so a hacker cannot exploit it to do something similar. Because Dots are Bluetooth-based, no one can remotely access Dots and avoids this problem. Hope this helps!