This is true, except for scrypt, which is very tough to make ASICs for. As for bcrypt, it's true that ASICS can go very fast, but you ultimately have a massive advantage as defender here. An attacker needs to try billions of combinations per hash, but you can simply take a whole second of CPU time (scaled to your current load, roughly) if you want -- that's not a lot for a user, but for an attacker taking several billion of even half a second makes cracking very, very hard.
FWIW there are ASICs now that will get orders of magnitude faster hash throughput than your servers.