Millions of malicious Internet-wide scanning are happening on a daily basis, looking for exposed sensitive files on insecure Internet-facing servers. Corporate info, sensitive data, or personal files are always the popular juicy targets. What if we can easily craft a 'tailor-made' deceptive file, let it get stolen on the Internet and notify us with the 'thief' information? In this session, we will showcase a 90-days interesting real-world use case, by spreading '$100,000 worth' Bitcoin wallets on the Internet with different means selectively. These wallets were embedded in 'tailor-made' archive file, with custom alerting mechanisms. Surprisingly all wallets were stolen, and some of them even get stolen within minutes! We will share the technique in detail, do's and don'ts with lessons learned. We will deep dive into the interesting collected results, unexpected fruitful observations and expose the 'thief'. We will introduce 'Honeybag' - a new open source honeyfile which everyone can easily craft the deceptive archive, with tailored alerting mechanism and support for any embedded decoy documents. This will be useful in data breach detection and cyber crime investigation.