This is very odd indeed. That does not seem to be a Solaris error message. I searched the Solaris source code for the word "theft" and I got no hits. Looking through the ftpd source code, it looks like the Solaris ftpd does not check for this condition. There is a macro called FIGHT_PASV_PORT_RACE which is set to 1 to enable the test, but that macro is never checked again. This means that I don't really know where to go from here.
I have heard of this error from other ftp servers. Let me describe what happens when they correctly issue this complaint. You connect to the ftp server and establish a control connection. The ftp server can then make a note of the source IP address. Your client switches into passive mode automatically. Then you request a file transfer. The ftp server sets up a port for your client to connect to. This second connection is the data connection. When the connection is established, the server can look at the source IP address. The ftp server expects that the same IP address should originate both connections. If that data connection seems to come from a different IP address than the control connection, the ftp server issues this error message. This behavior closes a security hole opened by the use of passive ftp. There is generally some way to disable this check, but it may involve a recompile. All of this implies that you somehow used a different source IP address for the two connections. Is that possible?
I can't imagine why you're seeing that message. I guess that a very active firewall might be able to do that, so check your firewall. Other than that, it beats me.