How to protect software from http response forgery?
Good afternoon, I'm making a small licensing system.
A person buys a key and enters it in the program -> the program sends it to the server and checks whether the hardware
in the database matches the local hardware; if so, the license is valid.
I can protect the binary itself from modification, but I have no protection against forgery of the server's response. Please advise if you have experience with this.
Your program has been hacked using a MITM certificate-spoofing attack. This means that the program either does not validate the server certificate at all (figuratively speaking, `ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, sslPolicyErrors) => true;`), which allows an attacker to generate a self-signed certificate for your domain, redirect traffic to his local server, and have the program trust that server as your own; or it validates using the root certificates from the operating system trust store. In the latter case, the attacker will simply add his generated certificate to the OS trust store, and your program will trust the attacker's fake certificates.
The solution to this problem is the certificate pinning or public key pinning technique. That is, you need to embed in the program the root certificate of the CA from which you buy your certificates (Let's Encrypt?) and validate responses only against it. No OS trust store, and never ignore validation errors.
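As an added illustration (not code from the answer above), here is what the hardened callback looks like in .NET with `HttpClientHandler`: the chain is rebuilt against only the embedded CA root, name-mismatch errors are never ignored, and the class/method names are assumed for this example (assumes .NET 5 or later for `X509ChainTrustMode.CustomRootTrust`).

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical class for the example: builds an HttpClient that trusts only the
// CA root shipped inside the program (DER bytes), not the OS trust store.
public static class PinnedLicenseClient
{
    public static HttpClient Create(byte[] pinnedRootDer)
    {
        var pinnedRoot = new X509Certificate2(pinnedRootDer);
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => IsTrusted(cert, chain, errors, pinnedRoot)
        };
        return new HttpClient(handler);
    }

    public static bool IsTrusted(X509Certificate2? cert, X509Chain? chain,
                                 SslPolicyErrors errors, X509Certificate2 pinnedRoot)
    {
        if (cert is null || chain is null) return false;

        // Hostname mismatch or missing certificate is always fatal. Chain errors
        // from the OS store are ignored because the chain is rebuilt below against
        // the embedded root only.
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNotAvailable
                                    | SslPolicyErrors.RemoteCertificateNameMismatch;
        if ((errors & fatal) != 0) return false;

        using var pinnedChain = new X509Chain();
        pinnedChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        pinnedChain.ChainPolicy.CustomTrustStore.Add(pinnedRoot);
        pinnedChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        // Make the intermediates the server sent available to the chain builder.
        foreach (var element in chain.ChainElements)
            pinnedChain.ChainPolicy.ExtraStore.Add(element.Certificate);

        if (!pinnedChain.Build(cert)) return false;

        // Confirm the resulting chain really terminates at the embedded root,
        // comparing the full DER encoding rather than just the subject name.
        var root = pinnedChain.ChainElements[pinnedChain.ChainElements.Count - 1].Certificate;
        return root.RawData.AsSpan().SequenceEqual(pinnedRoot.RawData);
    }
}
```

Note that pinning the CA root (rather than the leaf) keeps the client working across normal certificate renewals; the pinned root must be updated in a new program release before the CA rotates it.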