
The linked blogpost actually says that the attack is against secure chat and explains what it does, it just underplays how serious it is.

Basically, when setting up a secret chat the two parties use something called a Diffie-Hellman key exchange to agree on a secret encryption key without eavesdroppers being able to tell what the key is. However, the parties can't tell whether they've securely agreed on a key with the right person - the Telegram server could do a man-in-the-middle attack by doing the other side of the DH key exchange with each party itself so that it knows all the keys, and then decrypt, log, and re-encrypt all the messages between them. The fairly standard solution Telegram uses is to allow both parties to manually check that they agreed on the same keys - with normal Diffie-Hellman, this is enough to ensure no-one has MITMed the connection. Unfortunately, their protocol is modified from normal DH in a way that makes this check useless. The server can launch a MITM attack that causes both parties to agree on the same key, so they think they've securely agreed on a key that no-one else has when the server's got a copy too and is decrypting all their messages.
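Added illustration, not from the comment above and not Telegram's code: a toy Diffie-Hellman setup showing why the out-of-band fingerprint comparison catches an ordinary relay-style MITM but says nothing when the group parameters themselves are degenerate, plus the parameter validation a client needs before trusting the check. The assumption that the server hands the clients p and g is mine; the comment does not say how Telegram's DH differs from the standard one, and the group size here is chosen for readability, not security.

```python
import hashlib
import secrets

# Constructed toy safe prime p = 2q + 1 (q = 509 is prime); 2 generates the full group.
# Real deployments use 2048-bit or larger groups; this size is for illustration only.
P, G = 1019, 2

def fingerprint(key: int) -> str:
    """Short hash of the agreed key, i.e. the value users compare out of band."""
    return hashlib.sha256(key.to_bytes(4, "big")).hexdigest()[:8]

def dh_keypair(p: int, g: int) -> tuple[int, int]:
    x = secrets.randbelow(p - 3) + 2          # private exponent in [2, p-2]
    return x, pow(g, x, p)

def shared_key(peer_pub: int, priv: int, p: int) -> int:
    return pow(peer_pub, priv, p)

def validate_params(p: int, g: int) -> bool:
    """Reject degenerate groups: p must be prime and g must lie in [2, p-2].
    Trial division is fine for a toy; real code uses a primality test and
    checks g generates the expected large subgroup."""
    if p < 5 or any(p % d == 0 for d in range(2, int(p ** 0.5) + 1)):
        return False
    return 2 <= g <= p - 2

def run_exchange(p: int, g: int, mitm_substitutes_pubs: bool = False):
    """Simulate one secret-chat setup between Alice and Bob via the server.
    Returns (alice_fp, bob_fp, server_knows_key)."""
    a, A = dh_keypair(p, g)
    b, B = dh_keypair(p, g)
    if mitm_substitutes_pubs:
        # Classic MITM: the server runs a separate DH leg with each party.
        s1, S1 = dh_keypair(p, g)
        s2, S2 = dh_keypair(p, g)
        k_a = shared_key(S1, a, p)            # Alice actually shares this with the server
        k_b = shared_key(S2, b, p)            # Bob actually shares this with the server
        server_keys = {shared_key(A, s1, p), shared_key(B, s2, p)}
    else:
        # Public values are relayed untouched; with g == 1 every key collapses to 1,
        # so a server that chose g knows the key without touching any message.
        k_a = shared_key(B, a, p)
        k_b = shared_key(A, b, p)
        server_keys = {1} if g == 1 else set()
    return fingerprint(k_a), fingerprint(k_b), {k_a, k_b} <= server_keys
```

In the substituted-public-value case the two fingerprints differ and the users notice; with a degenerate generator they match even though the server holds the key, which is why parameter validation, not the fingerprint comparison, is the control that matters there.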




Seems like I had potatoes on my eyes. Your explanation made the whole thing quite a bit clearer to me than the original post, thanks for that. I think it's good that this weakness is now in the open - this will create some pressure on Telegram to solve it since, as I understand, it compromises one of the main features of their service. Their way of handling the fix will decide whether they should be taken seriously I think.





