ECDSA algorithm is usually used in ICT system to ensure the authenticity of communication. But the weaknesses in various implementations of ECDSA may make its security deviate from theoretical guarantee. This paper proposes a new lattice-based weak curve fault attack on ECDSA. Since the ECDLP is not required to be computationally practical on the whole group of $$\langle G \rangle $$⟨G⟩ (G is the specified base point of ECDSA), our approach extends the existing attacks along this line. In detail, the proposed attack assumes a segment of consecutive bits of the curve parameter a in the Weierstrass equation of ECDSA can be disturbed randomly by fault injection and thus is changed into $$a'$$a′. An analysis about the density of smooth numbers demonstrates the faulty parameter $$a'$$a′ can be used for our attack with high probability. Then we show $$a'$$a′ can be recovered by a dedicated quadratic residue distinguisher. Some reduced information about the nonce used in ECDSA signature generation can be obtained by solving the instances of ECDLP on the new curve about $$a'$$a′. With the help of these information, we can construct a new model of lattice to recover the private key with the lattice basis reduction techniques. Further, we show the same strategy can defeat the nonce masking countermeasure if the random mask is not too long, and makes the commonly employed countermeasures ineffective. To our knowledge, the problem remains untraceable to the existing weak curve fault attacks. Thus the proposed approach can find more applications than the existing ones. This is demonstrated by the experimental analysis.