It is definitely concerning you appear to be the only one to occur this - for a MiTM attack to take place(Some hostile node between you and the server adjusting contents on the way past) then there's two conditions that should require to be satisfied. The hostile node needs to be "enroute" and the hostile node needs to be edit the traffic.
Enroute is easy, there's plenty of ways to get that one, the editing the traffic however shouldn't be so trivial. The HTTPS should mean that any node between you and the sever just sees gibberish, thusly it wouldn't know where to put the button. Further, if it tried to, the entire page wouldn't decrypt when it comes to display it.
If you'd connected to a hostile node, instead of Asgardia, and accepted a certificate it passed you then it could fetch contents from Asgardia and adjust them on the way past - but the certificate mismatch should be obvious - almost all browsers warn of self-signed certs, not matching the domain it's set for etc. This condition being true would then raise questions of how you came to be connected to that node, instead of your intended destination. This condition being true would also mean the act of logging in to start this thread gave your authentication details to third parties, and should be adjusted ASAP. Preferably sooner.
Another option is that your browser is infected, and consequently inserting adverts earning the criminals money from your views/clicks.
Pasting HTML might be sanitised in the forum, but you could of used a service like dpaste.com to hold the bulk of the text and return a link. For screenshot somewhere like imgur could of worked. Is this something you are still able to replicate? if so can evidence?
By far, I find the most concerning part "official" - That implies that it's targeted specifically at our users...